just to add you can obtain the user id , screen name along with access
token/secret . You need to cache this.

On Mon, Aug 24, 2009 at 3:56 PM, Chris Babcock <cbabc...@kolonelpanic.org>wrote:

> > I understand that we can store the access token in DB.
> > but how do i know the logged in user's screen name after session
> > timeout?
> Nowhere in the entire OAuth workflow do you handle users' passwords or
> their usernames. A benefit is that you do not need the Twitter username
> to perform any function on the users' behalf with the Twitter API any
> more than you need the password.
> If it happens that you need the username for some other business reason
> then you can call a GET method that returns user profile information to
> obtain the user name. The account/verify_credentials methods is most
> common for this purpose, but reliance on this method can make your app
> subject to DoS because the call has a low, per-user rate limit to
> protect against brute force password hacking. You can obtain the user
> id from statuses/user_timeline as well. Send count=1 if you do not need
> the statuses themselves.
> Better yet, design your app to not require that you know the username,
> if possible.
> Chris Babcock

Reply via email to