If the access token is lost you pretty much start the process over again. Get a new request token, redirect to twitter, user provides new pin, get new access token, and use it.
On Tue, Dec 1, 2009 at 2:34 AM, Fauzil Hamdi <[email protected]> wrote: > really ? > so, if users lost their access token, application must request again and > users will input the pin code again. > is that so ? > > 2009/12/1 Josh Roesslein <[email protected]> >> >> Yeah that is pretty much the gist of it. >> >> On Tue, Dec 1, 2009 at 12:36 AM, Fauzil Hamdi <[email protected]> wrote: >> > correct me if i wrong : >> > no access token yet : >> > - request token >> > - redirect to oauth/authorize with the token as parameter >> > - users allow application to access their twitter >> > - users get pin >> > - users enter pin on j2me application >> > - application try to get access token with pin (oauth_verifier) >> > - application store the access token on device database >> > has access token : >> > - application get the access token from device database >> > - application user the token to access twitter >> > is like that ? >> > >> > 2009/12/1 Josh Roesslein <[email protected]> >> >> >> >> Responses to questions below. Hope it helps. >> >> >> >> Josh >> >> >> >> >> should i get request token everytime user want to login ? >> >> >> >> You must fetch a request token when ever you begin a new OAuth >> >> handshake. >> >> You need this to build the authorization redirect url which sends the >> >> user >> >> to >> >> twitter to authorize your application. >> >> >> >> >> should user enter pin code everytime ? >> >> >> >> The user must provide you with the PIN code if you are not using >> >> callback >> >> URLs. >> >> This being a j2me application, you will probably just be using the PIN >> >> method, so >> >> you don't need to worry about callbacks for now. >> >> >> >> >> should i get access token everytime ? >> >> >> >> No. Once the user has authorized you just re-use the access token. The >> >> only time >> >> you need to re-do the handshake is if the access token gets revoked. >> >> >> >> >> if no, how to authenticate user ? should i save the access token on >> >> >> my >> >> >> database ? >> >> >> >> You wil want to probably store the access token on the device. So when >> >> ever you application >> >> accesses twitter look to see if you have an access token. If not do >> >> the OAuth handshake. >> > >> > > >
