On Jan 3, 7:39 am, ryan alford <ryanalford...@gmail.com> wrote: > In the Desktop workflow, you don't have to enter the PIN every time. The > user is NOT required to authorize your application every time they want to > use it. After the first authorization, YOU store the access token and > access token secret either in a database, file, or some other type of > storage mechanism. You use those stored values until they expire(which > could be never). > > Ryan
Yes ... but you should inform the user that you are storing these tokens on their behalf, and you should inform the user what privileges they have granted you application. In my case, it's not a big inconvenience for the user to go through the oAuth process every time the app runs, so I don't do it. And I think there are some things that aren't obvious about security and privacy when you just point your browser to the "allow/deny" decision page. My users tend not to believe in "magic" and tend to want to know what can possibly go wrong. ;-) I'm in the process of writing my own wrapper text for the oAuth process. Once that's done, I'll add the code to save the tokens.