If you don't have a database storing the access tokens or indefinite sessions on your webserver storing them, then the user will have to login everytime. There's no way to get an access token without users going through the OAuth detour. -Chad
On Thu, Mar 26, 2009 at 4:43 PM, Graeme Foster <[email protected]> wrote: > 2009/3/26 Chad Etzel <[email protected]> >> >> Won't have "read only access" accomplish this? You can check >> verify_credentials and never check anything else... but the OAuth >> login flow remains the same.. >> >> ..or am I missing something? >> -Chad > > We're trying to work out how to avoid a second OAuth login and authorization > just to check the identity of the user. The problem is that neither of us > have anywhere to store the token and so would require a new authorization > every time the service is used. > > If the client app can request another token (keeping its own, potentially > full access, token) and pass it to my web service, then yes, I suppose so... > But is that possible? I don't know. > > G. >
