handling Twitter Users who revoked Application access

Jan 15, 2013 at 4:43 PM
Edited Jan 15, 2013 at 4:44 PM

Hi Joe,

I hope I can explain this very easily :)

I had this scenario where I failed to handle the users who revoked the application access.

  1. The user authorized the application.
  2. The application stored the returned keys to establish a new connection later.
  3. The user revoked application access on his Twitter account.
  4. When the application tries to establish a new authenticated connection later, I failed to catch the unauthorized request using the IsAuthorized method (it always returns true), even after he revoked access.

Thanks for your time.

Jan 15, 2013 at 4:48 PM

This is my code:

    credentials = GetCredntials(userID); // Get credentials from local DB

    auth = new MvcAuthorizer
    {
        Credentials = credentials
    };

    if (!auth.IsAuthorized) // Always returns true.
    {
        ViewBag.userNotAuthorized = true;
        return View();
    }

Jan 16, 2013 at 2:58 PM


IsAuthorized is local only, meaning that it only checks to see if you have all 4 credentials, whether they're valid or not.  To verify that the credentials are valid, you can do a query for Account.VerifyCredentials, docs below:

I had originally considered whether to do the Account.VerifyCredentials, but decided not to because it would have been a hidden query that uses bandwidth and consumes rate limit.

If the user has removed your app, you should receive an exception with a 401 Unauthorized message, which is by design.  So, if you either go the Account.VerifyCredentials route where the credentials aren't valid anymore or catch the exception, then you would start the OAuth process over again to get a new set of credentials for that user.
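
The distinction drawn in the reply above (a local presence check versus a remote validity check, with 401 meaning "start OAuth again"), as an added example that is not part of the original thread and is not LINQ to Twitter's own code. The type and member names, the `probe` delegate (standing in for one Account.VerifyCredentials round trip that reports the HTTP status), the `maxAge` interval and the sample values are all assumptions made for illustration.

```csharp
using System;
using System.Net;

// Hypothetical shape of the four OAuth values kept in the local DB.
public sealed class StoredCredentials
{
    public string ConsumerKey, ConsumerSecret, Token, TokenSecret;
    public DateTime? LastVerifiedUtc; // when a remote check last succeeded

    // Same kind of answer as a local-only check: presence, not validity.
    public bool HasAllFour =>
        !string.IsNullOrEmpty(ConsumerKey) && !string.IsNullOrEmpty(ConsumerSecret) &&
        !string.IsNullOrEmpty(Token) && !string.IsNullOrEmpty(TokenSecret);
}

public enum AuthState { Valid, Reauthorize, RetryLater }

public static class RevocationCheck
{
    // 'probe' performs one remote verification and returns the HTTP status.
    // 'maxAge' limits how often that call is made, to spare the rate limit.
    public static AuthState Check(StoredCredentials c,
        Func<StoredCredentials, HttpStatusCode> probe, DateTime nowUtc, TimeSpan maxAge)
    {
        if (c == null || !c.HasAllFour) return AuthState.Reauthorize;
        if (c.LastVerifiedUtc.HasValue && nowUtc - c.LastVerifiedUtc.Value < maxAge)
            return AuthState.Valid; // verified recently, skip the network call

        HttpStatusCode status = probe(c);
        if (status == HttpStatusCode.OK) { c.LastVerifiedUtc = nowUtc; return AuthState.Valid; }
        if (status == HttpStatusCode.Unauthorized)
        {
            c.Token = c.TokenSecret = null; // revoked: drop the dead tokens
            c.LastVerifiedUtc = null;
            return AuthState.Reauthorize;   // caller restarts the OAuth flow
        }
        return AuthState.RetryLater; // rate limit or outage: keep tokens, do not re-prompt
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not real keys.
        var creds = new StoredCredentials { ConsumerKey = "ck", ConsumerSecret = "cs", Token = "tok", TokenSecret = "sec" };
        DateTime now = DateTime.UtcNow; TimeSpan maxAge = TimeSpan.FromMinutes(15);
        Console.WriteLine("local check: " + creds.HasAllFour);
        Console.WriteLine("rate limited: " + RevocationCheck.Check(creds, _ => (HttpStatusCode)429, now, maxAge));
        Console.WriteLine("revoked: " + RevocationCheck.Check(creds, _ => HttpStatusCode.Unauthorized, now, maxAge));
    }
}
```

A cached `Valid` result can be stale if the user revokes access inside the `maxAge` window, so the 401 on a normal API call still has to be caught and routed to the same re-authorization path.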



Jan 17, 2013 at 4:22 AM

Thanks Joe, it is very helpful.