I'm using OAuth in my web app, and users can log in with Twitter.

I want to add "switch twitter account" button, which actually clears the session and then opens the authorize_url.

As clearing the session in my web app doesn't log out of twitter, the authorize_url will automatically authenticate the current twitter.com user. That means I can't do logout, unless I send the user to twitter.com.

Is it possible with the API? What is the best way to implement this?

Thanks.

+5  A: 

The session with Twitter is defined by a cookie owned by Twitter -- something you do not have control over. You cannot log them out of Twitter on their behalf.

If you want someone to be able to use your "switch twitter account" functionality, you'll need to pass them off to the OAuth handshake again, but use the /oauth/authorize path instead of the /oauth/authenticate path. This will allow the user to switch their user credentials at Twitter during the handshake instead of just re-authenticating using their existing Twitter session.

Alternatively, you could have a separate notion of users in your own app whereby you have your own user model that has many twitter accounts associated with it. That way, you could allow your users to switch accounts more seamlessly. They would have to authorize your app up front for each of their twitter accounts, but you would have all their oauth keys for each of their twitter accounts after that.

Ryan McGeary
Thank you! I used the /authenticate/ without really knowing the difference, but with authorize it shows the users their account on twitter.
elado
+1  A: 

You can use oauth/authenticate and add force_login=true as specified in http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-authenticate. This will prompt the user with a login form.

abraham
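
Added example, not part of either answer above or of Twitter's own code: a sketch of the "switch account" step that covers both suggestions (/oauth/authorize, and /oauth/authenticate with force_login=true). It drops the old identity from the local session and ties the callback to the handshake the session started. The host `api.twitter.com`, the session key names and the function names are assumptions; the request token is assumed to have been fetched already.

```python
import hmac
from urllib.parse import urlencode

# Assumption: host is api.twitter.com; the answers above name only the paths.
TWITTER_OAUTH_BASE = "https://api.twitter.com/oauth"

# Hypothetical session keys this app uses for the signed-in Twitter identity.
IDENTITY_KEYS = ("access_token", "access_token_secret", "twitter_user_id")


def begin_account_switch(session, request_token, request_secret, force_login=True):
    """Forget the current Twitter identity and return the URL to redirect to.

    `session` is any dict-like server-side session. The request token pair
    is assumed to come from the request-token step of the handshake.
    """
    for key in IDENTITY_KEYS:
        session.pop(key, None)  # the old account must not survive the switch
    # Remember which handshake was started so the callback can be matched.
    session["pending_request_token"] = request_token
    session["pending_request_secret"] = request_secret
    if force_login:
        # /oauth/authenticate normally reuses the twitter.com session;
        # force_login=true makes Twitter prompt with a login form instead.
        path = "authenticate"
        params = {"oauth_token": request_token, "force_login": "true"}
    else:
        # /oauth/authorize lets the user change credentials during the handshake.
        path = "authorize"
        params = {"oauth_token": request_token}
    return f"{TWITTER_OAUTH_BASE}/{path}?{urlencode(params)}"


def callback_matches(session, callback_oauth_token):
    """True only if the callback belongs to the handshake this session started.

    The pending token is consumed either way, so a callback cannot be replayed.
    """
    expected = session.pop("pending_request_token", None)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), callback_oauth_token.encode())
```
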
