问题
I'm using OAuth in my web app, and users can login with twitter.
I want to add "switch twitter account" button, which actually clears the session and then opens the authorize_url.
As clearing the session in my web app doesn't log out of twitter, the authorize_url will automatically authenticate the current twitter.com user. That means I can't do logout, unless I send the user to twitter.com.
Is it possible with the API? What is the best way to implement this?
回答1:
The session with Twitter is defined by a cookie owned by Twitter -- something you do not have control over. You cannot log them out of Twitter on their behalf.
If you want someone to be able to use your "switch twitter account" functionality, you'll need to pass them off to the OAuth handshake again, but use the /oauth/authorize
path instead of the /oauth/authenticate
path. This will allow the user to switch their user credentials at Twitter during the handshake instead of just re-authenticating using their existing Twitter session.
Alternatively, you could have a separate notion of users in your own app whereby you have your own user model that has many twitter accounts associated with it. That way, you could allow your users to switch accounts more seemlessly. They would have to authorize your app up front for each of their twitter accounts, but you would have all their oauth keys for each of their twitter accounts after that.
回答2:
You can use oauth/authenticate and add force_login=true
as specified in GET oauth/authenticate. This will prompt the user with a login form.
回答3:
Sorry for commenting as answer.
abraham solution works great, but for clearing username field you also need to add screen_name=
to GET request.
来源:https://stackoverflow.com/questions/1960957/twitter-api-logout