On 2/11/2010 9:30 AM, Paul wrote:
My question at last is then, what are good practices for the 3rd party site? Should the site request the user to reauthorize with Twitter each& every time he/she comes to the site? Should the 3rd party site have it's own login/username/password for users and store the token in a database? Should it offer to store the token as a cookie on the user's computer?
Different strokes for different folks. Whatever you do, make it clear what your site is doing to the user If you want to store a username/password for your own site and then store that authentication information in a MySQL database, tell them that. And explain to them that they can revoke authentication at anytime through the Twitter website.
