ML7
#1
I would like to enable users to log into a website using their twitter accounts. Some rules from https://developer.twitter.com/en/developer-terms/policy confuse me:
Once someone on your service authenticates via Sign in with Twitter you must clearly display their Twitter identity. Twitter identity includes the person’s current Twitter @handle, avatar, and Twitter logo. Any display of someone’s Twitter followers on your service must clearly show that the relationship is associated with Twitter.
Does this mean that if I allow users to log in using Twitter, I have to always represent them using all above mentioned data (@handle, avatar and Twitter logo). I am not going to display tweets or any of the like on the website. In my website users are represented by their username with no avatar. Is this ok or should I add an avatar (and twitter logo) for twitter users? I would also like to use the email of the user as their username (maybe with some prefix like “Twitter:”), as emails are already used like this on my site. Is this ok or do I have to use the @handle as the username?
You must present people with easy to find options to log into and out of Twitter, for example via the OAuth protocol. The Sign in with Twitter option must be displayed at least as prominently as any other sign-up or sign-in feature on your service. You must also provide people without a Twitter account the opportunity to create one via Twitter.
I don’t want to store the user’s access token, since Twitter API is only used for the authentication of the user. Storing the access token would only be an unnecessary risk for the user. Should I in any case provide a user with a way to log out of Twitter? What is a good way of doing this? Would it be a good idea to redirect the user to the logout page of Twitter after they log out of my website?
system
closed
#2
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.