With all that talk about OAuth, I thought I might share my experience
using it for a mobile (J2ME) Twitter client.
I guess my approach is nothing new, and probably is not applicable to
iPhone apps because of the appstore distribution process, but anyways.
So the way I handle OAuth is as follows:
All application downloads are handled by my own server. Before
allowing the user to download the app, I initiate OAuth authorization with
Twitter and then save the user's tokens along with a generated unique id for
Once authorized, the user is permitted to download the application, which
is tagged with that unique user id I generated earlier.
Once the user starts the app, it uses its id to authenticate itself to my server.
All communication between Twitter and the user's application is
handled/proxied by the server, which performs all necessary OAuth
signing on behalf of the user.
So, this way I have all the benefits of using OAuth in a mobile app.
The only drawback, really, is that the user must visit my web site at least
once to perform authorization.
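
A sketch of the server side of the scheme described above, as an added example that is not the poster's code: the per-download id maps to the stored user tokens, and the proxy builds the OAuth 1.0a HMAC-SHA1 `Authorization` header so that neither the consumer secret nor the token secret ever ships in the app. The in-memory store, the function names, the placeholder keys and the `api.example.test` host are all assumptions.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

CONSUMER_KEY = "example-consumer-key"        # constructed placeholder
CONSUMER_SECRET = "example-consumer-secret"  # constructed; lives on the server only

_tokens = {}  # app id -> (oauth_token, oauth_token_secret); hypothetical store

def enc(value):
    """Percent-encode as RFC 5849 requires (only unreserved chars left as-is)."""
    return quote(str(value), safe="-._~")

def register_user(oauth_token, oauth_token_secret):
    """Run after web authorization; returns the id tagged into the download."""
    app_id = secrets.token_urlsafe(32)  # unguessable: it acts as a bearer credential
    _tokens[app_id] = (oauth_token, oauth_token_secret)
    return app_id

def sign_for_app(app_id, method, url, params, nonce=None, timestamp=None):
    """Build the Authorization header for a request proxied on behalf of app_id."""
    if app_id not in _tokens:
        raise PermissionError("unknown app id")
    token, token_secret = _tokens[app_id]
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    # Signature base string: METHOD & encoded URL & encoded sorted parameters.
    pairs = sorted((enc(k), enc(v)) for k, v in {**params, **oauth}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(CONSUMER_SECRET)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{enc(k)}="{enc(v)}"' for k, v in sorted(oauth.items()))

if __name__ == "__main__":
    app_id = register_user("user-token", "user-secret")  # constructed tokens
    print(sign_for_app(app_id, "POST", "https://api.example.test/update",
                       {"status": "hello world"}))
```

Because the app id alone is enough to act as the user through the proxy, it should only travel over TLS, and the server needs a way to revoke an id if a handset is lost.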