Reputation: 1849
I've had my consumer key and secret hardcoded into the app I worked on.
Now I'd like to lock down the keys so that only admins can access the consumer key/secret.
I'd like to reset my application keys but keep my users' access keys and secrets in place, so they won't be forced to reauth.
From the test I ran it looked like that's fine (old access_keys continued to work hashed with the new app keys).
Is that correct? i.e., is that possible, and if so, is it part of some OAuth standard or Twitter-specific?
Edit: From experience, I've now seen that the users' access tokens are not invalidated. This is not something general about OAuth, just Twitter.
Upvotes: 1
Views: 486
Reputation: 8963
Actually, you're right, it will work because you reset the consumer credentials for your already existing app. With a new consumer key/secret pair for the existing app I see no reason why this would not work.
The access token is connected to the application, not to the application credentials. This however means that existing access tokens will not work with any new application you create.
Upvotes: 1
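An added illustration, not part of either answer and not Twitter's implementation: in OAuth 1.0a (RFC 5849) the HMAC-SHA1 signing key is the consumer secret joined to the token secret, so a stored access token survives a rotation only if the provider binds it to the application record rather than to the credential pair. The `Provider` class, the key and token values and the URL are constructed assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # Percent-encode everything except RFC 3986 unreserved characters.
    return quote(s, safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature over the OAuth 1.0a signature base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

class Provider:
    """Hypothetical provider: tokens point at an app id, not at its keys."""
    def __init__(self):
        self.apps = {}    # app_id -> (consumer_key, consumer_secret)
        self.tokens = {}  # access_token -> (app_id, token_secret)

    def verify(self, method, url, params, signature):
        app_id, token_secret = self.tokens.get(params["oauth_token"], (None, None))
        if app_id is None:
            return False
        consumer_key, consumer_secret = self.apps[app_id]
        if params["oauth_consumer_key"] != consumer_key:
            return False  # retired consumer key is rejected outright
        expected = sign(method, url, params, consumer_secret, token_secret)
        return hmac.compare_digest(expected, signature)

def demo():
    p = Provider()
    p.apps["app-1"] = ("ck_old", "cs_old")       # constructed sample values
    p.tokens["tok_user"] = ("app-1", "ts_user")  # issued before the rotation
    url = "https://api.example.test/resource"

    def request(consumer_key, consumer_secret):
        params = {"oauth_consumer_key": consumer_key, "oauth_token": "tok_user",
                  "oauth_signature_method": "HMAC-SHA1", "oauth_nonce": "n1",
                  "oauth_timestamp": "1700000000", "oauth_version": "1.0"}
        sig = sign("GET", url, params, consumer_secret, "ts_user")
        return p.verify("GET", url, params, sig)

    before = request("ck_old", "cs_old")
    p.apps["app-1"] = ("ck_new", "cs_new")       # rotate app credentials only
    return before, request("ck_old", "cs_old"), request("ck_new", "cs_new")
```

After the rotation the same user token verifies only when the request is signed with the new consumer secret, so every deployed client must pick up the new pair.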
Reputation:
In theory it should not work, because the OAuth access token is tied to the consumer key and consumer secret provided by Twitter.
Upvotes: 1