Hi there,

We did add screen_name and user_id to the return URL after authorization but it had to be removed for security reasons. Namely, since that URL is not signed in any way, someone could feed you an incorrect screen_name/user_id and incorrectly link the wrong Twitter account to your account. After going through all of this with the OAuth group we switched back to the verify_credentials method despite the pain in the butt. I've yet to find any more secure way to add that in, sorry.

Thanks;
 – Matt Sanford / @mzsanford
     Twitter Dev

On May 8, 2009, at 1:53 AM, David W wrote:


Hi there,

I've got my application working sweetly with Twitter authentication,
but the number of round trips is annoying me. Presently before I can
look a Twitter account up in my code, I must call verify_credentials
to find out the authenticated session's Twitter user_id. Is there some
way to avoid doing this?

At the moment the OAuth dance is more like a prolonged waltz because
of this. :) Something like 5 round trips for a new user on my service.

Thanks,


David.
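
The trade-off discussed in this thread, as an added example that is not part of the original messages: a callback handler that trusts `user_id`/`screen_name` from the unsigned return URL, beside one that takes the identity only from the signed `verify_credentials` call. The `verify_credentials` function here is a hypothetical local stub for that API request, and the tokens, account records, URL and function names are all constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed stand-in for the provider's records, keyed by access token.
PROVIDER_ACCOUNTS = {"token-alice": {"user_id": "1001", "screen_name": "alice"}}


def verify_credentials(access_token):
    """Hypothetical stub for the signed verify_credentials API request."""
    return PROVIDER_ACCOUNTS[access_token]


def identity_from_callback(callback_url):
    """Unsafe: trusts user_id/screen_name from the unsigned return URL."""
    qs = parse_qs(urlparse(callback_url).query)
    return {"user_id": qs["user_id"][0], "screen_name": qs["screen_name"][0]}


def identity_from_provider(callback_url, access_token):
    """Safe: identity comes only from the signed call; any user_id in the
    URL is compared against it so a mismatch can be logged."""
    qs = parse_qs(urlparse(callback_url).query)
    account = verify_credentials(access_token)
    claimed = qs.get("user_id", [None])[0]
    tampered = claimed is not None and claimed != account["user_id"]
    return account, tampered


def link_account(links, local_user, identity):
    """Record which Twitter user_id a local account is linked to."""
    links[local_user] = identity["user_id"]
    return links


# Constructed return URL whose identity fields do not match the token's owner.
SAMPLE_CALLBACK = ("https://app.example/callback?oauth_token=req123"
                   "&user_id=2002&screen_name=bob")

if __name__ == "__main__":
    unsafe = link_account({}, "local-42", identity_from_callback(SAMPLE_CALLBACK))
    account, tampered = identity_from_provider(SAMPLE_CALLBACK, "token-alice")
    safe = link_account({}, "local-42", account)
    print("unsafe link:", unsafe)
    print("safe link:  ", safe, "tampered:", tampered)
```

The extra round trip buys an identity that is bound to the access token rather than to whatever the browser delivered in the query string.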
