We use Twitter login and also allow users to manage their accounts from within our application. Now we have the following scenario in one of our apps:
- User logs in using Twitter (we use /authenticate)
- User adds a Twitter account (we use /authorize since we need DM access)
- User can log in to the application again at any time (/authenticate)

After this, if the user logs in to our application again using the same account, we lose access to direct messages. The solution is to only use /authorize, but then it displays the Twitter screen every time a user tries to log in to our application.
Is this the expected flow? I understand that if the flow was /authorize -> /authenticate, then the DM access stays. But what if the flow is /authenticate -> /authorize -> /authenticate?