On Jan 3, 7:39 am, ryan alford <ryanalford...@gmail.com> wrote:
> In the Desktop workflow, you don't have to enter the PIN every time.  The
> user is NOT required to authorize your application every time they want to
> use it.    After the first authorization, YOU store the access token and
> access token secret either in a database, file, or some other type of
> storage mechanism.  You use those stored values until they expire(which
> could be never).
> Ryan

Yes ... but you should inform the user that you are storing these
tokens on their behalf, and you should inform the user what privileges
they have granted you application. In my case, it's not a big
inconvenience for the user to go through the oAuth process every time
the app runs, so I don't do it. And I think there are some things that
aren't obvious about security and privacy when you just point your
browser to the "allow/deny" decision page. My users tend not to
believe in "magic" and tend to want to know what can possibly go
wrong. ;-)

I'm in the process of writing my own wrapper text for the oAuth
process. Once that's done, I'll add the code to save the tokens.

Reply via email to