Assuming that the authentication process is handing you off the actual access token, it makes sense that it can't be exchanged. I don't think the token will expire on you though, at least today, so you don't really need any more verification other than maybe running account/ verify_credentials against it.
It should be no different than if you persisted the access token yourself and went to call the API a few weeks after doing so, you should be able to trust that your token won't expire. On Apr 16, 10:46 pm, djMax <[email protected]> wrote: > Ok, I've dug into some basics of OAuth and also the code of Tweet#. > After authorization, I'm armed with my user record and a map of it to > an OAuth token (A) and secret (T1). Now, weeks later, the user > returns to my site with no cookies (let's say). So I show them the > Twitter signin button. They click it. My server calls RequestToken > from Twitter and gets a token (and a secret?). It sends them to > Twitter, they login, and then Twitter redirects to me with a OAuth > Token (A) on the URL. > > That's where I'm confused:what do I do next? If I try to turn that > OAuth Token into an access token, it fails, assumedly because it > already is an auth token. But I must have to contact Twitter somehow > to verify that the oauth token the browser passed me is still good > right?
