It would be nice to support applications that merely authenticate, never authorize. That is, they don't ask for permission to access Twitter on the user's behalf. Such an application would never direct a user to /oauth/authorize, and thus would never get a token secret from the authorization flow. Nonetheless, it might need a secure way to get the user's ID and name.
On Apr 17, 1:02 am, Abraham Williams <[email protected]> wrote: > The oauth_token returned from oauth/authenticate is the key from the users > access tokens. as long as you store the access tokens you can match the > returned oauth_token with what is in your database.
