Paul, Ah, so you are saying that a token never expires? I did not realize that. I had assumed that the token was specific to a given session or timeframe. I'm going to experiment with this and get back on this.
Wally Paul posted in response to me Hi Wallace, http://www.Twollo.com does something similar to what you are describing (it hosted on the Google App Engine). You can store the users oAuth token secret, access token (and request token if you don't have the access token) and then use these at a later date to send authenticated requests to Twitter. The good thing is that once you have the access token it is unlikely to expire (unlike a users password) unless the user revokes access to your application. Admittedly there is some user interaction, but it is only at the start of the process, much like the current process of asking for a users username and password. Once it is all done it is easy to make authenticated requests to Twitter without any user intervention. This thread is mainly about the changes that were made to support desktop applications, but again, once the access token has been received the same applies as mentioned earlier. Paul