The user should authorize both applications.
Yes, you can store the token and secret. That's what most apps do.
On Oct 30, 2009, at 3:15 AM, YCBM <youcannotb...@gmail.com> wrote:
> Hi All,
> New to Twitter oAuth. We're building an app which will use the oAuth
> system vs. basic auth. As we're hoping that our app will be
> integrated into other Twitter apps that support oAuth, is there a way
> that if a user is authenticated by signing into the original app that
> they can hand that off that authorization to my app? After processing
> some data, we send back an XML response to the calling app. Does the
> user need to give permission to our app separately?
> Also, we're using Abraham's twitteroauth as a starting point which
> seems to work well.
> Can the token and secret be stored for that user or is that a security