Unfortunately, best as I can ascertain, that would violate the OAuth spec (I may, of course, be wrong -- I often am :-) ). There are RW tokens and RO tokens, but no Auth-only tokens. The best you could hope for, given the current state of the spec, would be for an app to simply get, then discard, the Access token.
This is a good use case for OAuth, and perhaps should be brought up with them as a scenario for future versions of the spec. On Mon, Sep 28, 2009 at 14:47, Jim Renkel <[email protected]> wrote: > > Yes, you can check the "Yes, use Twitter for login", or not. I'm not > sure what this does, either way. > > But you have to select one of the "Read & Write" or "Read-only" radio > buttons under the "Default Access type:" heading. There doesn't appear > to be any way to turn them both off. > > So it seems you have always request (and receive) at least read access > to the data of user's that authorize your application to act for them on > twitter. > > This is what I and others were trying to point out, and object to: you > can't authorize without granting read access. > > Why authorize without granting read access? Just to verify that they are > the twitter user they claim to be, without reading, or writing, any of > their data. > > Jim Renkel > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Brian > Smith > Sent: Monday, September 28, 2009 09:32 > To: [email protected] > Subject: [twitter-dev] Re: About the oneforty application directory > > > Dossy Shiobara wrote: > > It would be nice if Twitter made "authentication only" as an option > for > > OAuth. > > Twitter already has this. It is called "Sign in with Twitter." > > - Brian > > > -- Internets. Serious business.
