Hi Guys, I am working developing twe2's oAuth support and I have a quick question for the group. Obviously, oAuth solves us having to store the twitter-ers username and password on our system by delegating the authentication out to twitter, however, for the past couple of services I have created, the twitter username and password has been the only form of identification on our services, basically meaning that there is no seperate login account for our service.
So my question is it acceptable whenever the users' sessions on our site expires to redirect the user to the oAuth "allow twe2 access" page at twitter if they need to login to our site? Obviously if they never login to the site again the access_token may still be valid (unless they remove our app from their account) and the backend software still works like normal, but if they re-accept our application this will refresh the access token but I am ok with that. On a side note, the "Allow Access" page says the following "The application *Twe2* by *Twe2 Limited* would like the ability to *access and update* your data on Twitter". We are read only application it should read "The application *Twe2* by *Twe2 Limited* would like the ability to *access *your data on Twitter" Kind Regards, Paul Kinlan Twe2 Ltd - www.twe2.com