ok thanks josh.... 2009/12/1 Josh Roesslein <jroessl...@gmail.com>
> If the access token is lost you pretty much start the process over again. > Get a new request token, redirect to twitter, user provides new pin, > get new access token, and use it. > > On Tue, Dec 1, 2009 at 2:34 AM, Fauzil Hamdi <asfau...@gmail.com> wrote: > > really ? > > so, if users lost their access token, application must request again and > > users will input the pin code again. > > is that so ? > > > > 2009/12/1 Josh Roesslein <jroessl...@gmail.com> > >> > >> Yeah that is pretty much the gist of it. > >> > >> On Tue, Dec 1, 2009 at 12:36 AM, Fauzil Hamdi <asfau...@gmail.com> > wrote: > >> > correct me if i wrong : > >> > no access token yet : > >> > - request token > >> > - redirect to oauth/authorize with the token as parameter > >> > - users allow application to access their twitter > >> > - users get pin > >> > - users enter pin on j2me application > >> > - application try to get access token with pin (oauth_verifier) > >> > - application store the access token on device database > >> > has access token : > >> > - application get the access token from device database > >> > - application user the token to access twitter > >> > is like that ? > >> > > >> > 2009/12/1 Josh Roesslein <jroessl...@gmail.com> > >> >> > >> >> Responses to questions below. Hope it helps. > >> >> > >> >> Josh > >> >> > >> >> >> should i get request token everytime user want to login ? > >> >> > >> >> You must fetch a request token when ever you begin a new OAuth > >> >> handshake. > >> >> You need this to build the authorization redirect url which sends the > >> >> user > >> >> to > >> >> twitter to authorize your application. > >> >> > >> >> >> should user enter pin code everytime ? > >> >> > >> >> The user must provide you with the PIN code if you are not using > >> >> callback > >> >> URLs. > >> >> This being a j2me application, you will probably just be using the > PIN > >> >> method, so > >> >> you don't need to worry about callbacks for now. > >> >> > >> >> >> should i get access token everytime ? > >> >> > >> >> No. Once the user has authorized you just re-use the access token. > The > >> >> only time > >> >> you need to re-do the handshake is if the access token gets revoked. > >> >> > >> >> >> if no, how to authenticate user ? should i save the access token > on > >> >> >> my > >> >> >> database ? > >> >> > >> >> You wil want to probably store the access token on the device. So > when > >> >> ever you application > >> >> accesses twitter look to see if you have an access token. If not do > >> >> the OAuth handshake. > >> > > >> > > > > > >