On Mon, 24 Aug 2009 05:21:05 -0700 (PDT)
"J. Dale" <dale.gonza...@gmail.com> wrote:

> I've read the http://apiwiki.twitter.com/Sign-in-with-Twitter FAQ and
> they say that access tokens don't expire.  However, it appears that
> they do.  Has anyone else noticed that storing access tokens in the
> database doesn't really work?

Even if access tokens do not expire, there are other reasons why they
may fail to persist. Your algorithm for using a token should include a
recovery method in the event that authentication fails. Given the work
flow for Sign-in-with-Twitter, that should be a matter of storing the
request in a way that the landing page for your app can recover it and
direct the user there after re-authenticating. If the user is logged
into Twitter and hasn't revoked your App then they won't see anything
while the redirection is occuring.

Chris Babcock

Reply via email to