Noooooooooooooooooooooooooo. You should always be prepared to request new tokens on behalf of users, and you should always be ready to swap your app's consumer key and secret.
Never store any sort of hardcoded string -- like your tokens -- in your applications. Worst case, put them in a human-readable config file the system parses out on-load. (Some frameworks make it easy. .NET .config files, Python YAML files.) Better, store everything in a DB, and be prepared to re-approve and re-pop your DB on the fly. ∞ Andy Badera ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=(andrew+badera)+OR+(andy+badera) On Thu, Aug 27, 2009 at 12:22 PM, slexten...@alice.it<slexten...@alice.it> wrote: > > Hello, I just want a confirmation. > I need to build a library to enhance my CMS. > I need that news added on my portal are added to Twitter too. > I got my Twitter account, and I got my Twitter application. > To add a tweet by code I allowed my app on my twitter account. > I derived from a debug session the OAuth Token and the OAuth > TokenSecret so, since those values will not expire, I store them in my > app and I use without re-log/auth my app. > > Is this a correct approach? > Thanks >