Our access tokens should be long-lived enough that users shouldn't have to come back to Twitter. Does that answer your question?
On Sat, Feb 14, 2009 at 00:39, Paul Kinlan <[email protected]> wrote: > Hi Guys, > > I am working developing twe2's oAuth support and I have a quick question for > the group. Obviously, oAuth solves us having to store the twitter-ers > username and password on our system by delegating the authentication out to > twitter, however, for the past couple of services I have created, the > twitter username and password has been the only form of identification on > our services, basically meaning that there is no seperate login account for > our service. > > So my question is it acceptable whenever the users' sessions on our site > expires to redirect the user to the oAuth "allow twe2 access" page at > twitter if they need to login to our site? Obviously if they never login to > the site again the access_token may still be valid (unless they remove our > app from their account) and the backend software still works like normal, > but if they re-accept our application this will refresh the access token but > I am ok with that. > > On a side note, the "Allow Access" page says the following "The application > Twe2 by Twe2 Limited would like the ability to access and update your data > on Twitter". We are read only application it should read "The application > Twe2 by Twe2 Limited would like the ability to access your data on Twitter" > > Kind Regards, > Paul Kinlan > > Twe2 Ltd - www.twe2.com > -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
