“Use Log in with Twitter, also known as Sign in with Twitter, to place a button on your site or application which allows Twitter users to enjoy the benefits of a registered user account in as little as one click. This works on websites, iOS, mobile, and desktop applications.”
“Access tokens are not explicitly expired. An access token will be invalidated if a user explicitly revokes an application in their Twitter account settings, or if Twitter suspends an application. If an application is suspended, there will be a note in the Twitter app dashboard stating that it has been suspended.”
“Twitter keeps track of the authorizations, so for users already signed in to twitter.com who have authorized the application, no UI is shown – instead, they are automatically redirected back to the application.”
There are many websites, like this one, that use “Continue with Twitter” / “Login with Twitter”. I assume that many sites responsibly implemented this and still set a password and a user ID for the user, but one thing I think most of us have not had to think about is what happens when “sign in with” (Apple, Google, Microsoft, Facebook, Twitter) goes away?
Reducing friction in your app (web or mobile) to get folks to sign up is a good thing but when the service tracking authorizations (tokens) goes away, what then? It’s not the end of the world but it’s why I’ve never used any of these quick sign in cheats and always create an account with my email and password. It takes an extra 30 seconds but not only do I not trust that Sign in with Apple will be around 30 years later, I also don’t like the large tech companies being the gatekeeper to hundreds of 3rd party services. Facebook obviously loves knowing everything you sign up for. These “sign in with” services are not in existence as a public service. They benefit the companies who maintain them.
With the future of Twitter being so uncertain, anyone who has users who joined via a Twitter OAuth handshake may want to make sure they’re ready for that service that holds thousands of tokens to suddenly stop working. I would certainly stop offering their “sign in with” applet as an option for new users.
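One way to check how exposed a user base is to a single sign-in provider going away, as an added example that is not code from this site: it lists accounts whose only login method is that provider and splits them by whether a verified email gives them a recovery path. The `users` / `identities` schema, the column names, and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema: one local account row plus one row per linked provider.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT,
                    email_verified INTEGER NOT NULL DEFAULT 0, password_hash TEXT);
CREATE TABLE identities (user_id INTEGER NOT NULL REFERENCES users(id),
                         provider TEXT NOT NULL, subject TEXT NOT NULL,
                         UNIQUE (provider, subject));
"""

# Users who can log in ONLY through :provider (no password, no other provider).
AUDIT = """
SELECT u.id,
       CASE WHEN u.email IS NOT NULL AND u.email_verified = 1
            THEN 'email_reset' ELSE 'stranded' END AS recovery
FROM users u
WHERE EXISTS (SELECT 1 FROM identities i
              WHERE i.user_id = u.id AND i.provider = :provider)
  AND (u.password_hash IS NULL OR u.password_hash = '')
  AND NOT EXISTS (SELECT 1 FROM identities o
                  WHERE o.user_id = u.id AND o.provider <> :provider)
ORDER BY u.id
"""

def audit_provider_dependency(conn, provider):
    """Group provider-only users by how they could regain access."""
    report = {"email_reset": [], "stranded": []}
    for user_id, recovery in conn.execute(AUDIT, {"provider": provider}):
        report[recovery].append(user_id)
    return report

def build_sample_db():
    """Constructed sample data, not real accounts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "a@example.com", 1, "argon2id$placeholder"),  # password + Twitter
        (2, "b@example.com", 1, None),   # Twitter only, verified email
        (3, None, 0, None),              # Twitter only, no email on file
        (4, "d@example.com", 0, None),   # Twitter only, unverified email
        (5, "e@example.com", 1, None),   # Twitter + Google
        (6, "f@example.com", 1, None),   # Google only
    ])
    conn.executemany("INSERT INTO identities VALUES (?, ?, ?)", [
        (1, "twitter", "t-1"), (2, "twitter", "t-2"), (3, "twitter", "t-3"),
        (4, "twitter", "t-4"), (5, "twitter", "t-5"), (5, "google", "g-5"),
        (6, "google", "g-6"),
    ])
    return conn

if __name__ == "__main__":
    print(audit_provider_dependency(build_sample_db(), "twitter"))
```

Accounts in the `stranded` group have no verified contact channel, so they can only be prompted to add a password or email from inside a session while the provider's sign-in still works.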