

[Twitter] Security Bug? - erickhill
http://inessential.com/2013/02/19/security_bug_

======
bsimpson
Sh/couldn't an OAuth provider nullify their OAuth access tokens on a data
breach (or when a user changes his password)?

1) Provider cancels access token.

2) App tries to download data using old access token and is notified that the
token is now invalid.

3) App asks user to reauthenticate.

4) User logs in to provider and grants permission.

At this point, everything is back to normal.
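
The four steps in the comment above, simulated in one process as an added example (not part of the original post). `Provider`, `App` and their methods are hypothetical names, and the in-memory dicts stand in for a real OAuth server's user and token stores.

```python
import secrets

class Provider:
    """Toy OAuth provider: issues opaque access tokens and can revoke them."""
    def __init__(self):
        self.passwords = {}   # user -> password (constructed sample store)
        self.tokens = {}      # access token -> (user, app)

    def authorize(self, user, password, app):
        # Step 4: user logs in and grants permission; a fresh token is issued.
        if self.passwords.get(user) != password:
            raise PermissionError("login failed")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, app)
        return token

    def revoke_user_tokens(self, user):
        # Step 1: drop every token issued for this user, for every app.
        stale = [t for t, (u, _) in self.tokens.items() if u == user]
        for t in stale:
            del self.tokens[t]
        return len(stale)

    def change_password(self, user, new_password):
        # A password change revokes outstanding tokens as a side effect.
        self.passwords[user] = new_password
        return self.revoke_user_tokens(user)

    def get_data(self, token):
        # Step 2: a revoked token is rejected with 401 / invalid_token.
        if token not in self.tokens:
            return 401, {"error": "invalid_token"}
        return 200, {"user": self.tokens[token][0]}

class App:
    def __init__(self, provider, name):
        self.provider, self.name, self.token = provider, name, None

    def fetch(self, reauthenticate):
        status, body = self.provider.get_data(self.token)
        if status == 401:
            # Step 3: discard the dead token and send the user back to log in.
            self.token = None
            user, password = reauthenticate()
            self.token = self.provider.authorize(user, password, self.name)
            status, body = self.provider.get_data(self.token)
        return status, body
```

The old token stays rejected after the app recovers, so a copy of it taken in a breach is worthless once step 1 has run.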

