On 4/16/09 10:56 PM, Dimebrain wrote:
It should be no different than if you persisted the access token yourself and went to call the API a few weeks after doing so, you should be able to trust that your token won't expire.
But this still leaves the question of "how do I get and/or know the token secret for the returned AccessToken" ... this is the current execution path:
Consumer invokes oauth/request and receives a RequestToken and corresponding token secret. Consumer directs user to oauth/authenticate with RequestToken. Assuming user authenticates and authorizes the application, Provider directs user back to callback URL with an AccessToken. Consumer now has a RequestToken and secret, and AccessToken without its secret.
That AccessToken is effectively useless to the Consumer. -- Dossy Shiobara | [email protected] | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
