The user should authorize both applications.

Yes, you can store the token and secret. That's what most apps do.

On Oct 30, 2009, at 3:15 AM, YCBM <> wrote:

> Hi All,
> New to Twitter oAuth.  We're building an app which will use the oAuth
> system vs. basic auth.  As we're hoping that our app will be
> integrated into other Twitter apps that support oAuth, is there a way
> that if a user is authenticated by signing into the original app that
> they can hand that off that authorization to my app?  After processing
> some data, we send back an XML response to the calling app.  Does the
> user need to give permission to our app separately?
> Also, we're using Abraham's twitteroauth as a starting point which
> seems to work well.
> Can the token and secret be stored for that user or is that a security
> concern?
> Thanks
> ycbm

Reply via email to