Hey so this is likely an ongoing discussion topic, and I’m not too sure why all the implementations do not provide some method for logging out users server-side. Here’s THE ISSUE:
User visits my site, successfully logs in with the Twitter REST/OAuth API (works…), does some stuff, and then walks away from the computer (or clicks my logout button, which destroys my session and makes their login on MY site invalid - works). Then someone else comes along, opens a new tab, and visits twitter.com, where they are presented with the other user's logged-in Twitter account.
Now I’ve run into this situation with implementing the Facebook and Google OAuth solutions - both provide a client-side mechanism for logging the user out of their respective accounts when a logout link is clicked (which I subsequently load in a hidden iframe for them when MY logout flow is triggered).
Here is THE QUESTION: Does Twitter not have any means for me to ensure that the user who has walked away from a public computer (or worse, thought they’d signed out) is signed out?