Question1: According to the diagram here: http://apiwiki.twitter.com/Sign-in-with-Twitter ...after the user authorized the requesting application, when he clicks Sign in With Twitter, he should only get the the twitter login screen and then be redirected back right? But all the live examples I've seen still ask the user to allow the app to access etc.
Question2: After you get the access token, whats next? Storing it and the user id/username in database for background logins and operations?