On Mon, 24 Aug 2009 09:53:33 -0700 (PDT)
Dewald Pretorius <dpr...@gmail.com> wrote:

> That gives me absolute nightmares, when I need to do API calls on user
> accounts when the user is not logged in to my site.
> 
> I need the OAuth tokens, which will be stored in my database, to remain
> valid until the user revokes the access of my app. Meaning, once a
> user authorizes my app and until he removes that authorization, there
> must be no reason whatsoever for the user to again be physically
> involved in any authorization process.
> 
> This is not unique to my app.
> 
> This is required by any app that does batch API calls on Twitter
> accounts.

Welcome to the wild world of HTTP. HTTP 1.1 defines 38 response codes,
only one of which you would accept graciously from a contractor working
on your bathroom if you urgently had to go pee. Think, "Two weeks."

I'm not being blasé. There are only three things you can count on in an
Internet environment - uncertainty, desktop application programmers'
having nightmares and system programmers realizing belatedly that they
might possibly have been more sensitive - well, two things you can
count on.

Twitter plainly intends for specific tokens to persist (and they may
even do so already), but even so apps need to plan to fail any time a
request goes out over the wire. That's a reality of the programming
environment that isn't specific to OAuth and Twitter.

Chris Babcock
