Question 1: According to the diagram here:
...after the user authorized the requesting application, when he
clicks Sign in With Twitter, he should only get the Twitter login
screen and then be redirected back, right? But all the live examples
I've seen still ask the user to allow the app to access etc.

Question 2: After you get the access token, what's next? Storing it and
the user id/username in database for background logins and operations?

