one potential option is to use "sign in with twitter" - http://apiwiki.twitter.com/Sign-in-with-Twitter
you will get oauth tokens for the user (which you could store in your database), and it means that you may not need to build a sign in mechanism.

On Thu, Feb 11, 2010 at 8:30 AM, Paul <[email protected]> wrote:
> I'm just starting to develop a web-based Twitter api application (in
> PHP), which should allow multiple users to tweet through the website.
> I'm experienced developing websites with PHP, but I've never worked
> with the Twitter API, and I see that the preferred authorization
> method is with OAuth, which I've also never worked with before.
>
> I'm still getting into the conceptual stages now, and I know my
> terminology is fuzzy, but I understand that a user goes through the
> 3rd party website (which has a revocable key after registering with
> Twitter, which I've already done), and then the end user goes through
> the 3rd party website to Twitter to authorize the 3rd party site
> to post for them, without ever revealing the user's ID or password to
> the 3rd party site, by returning an access token. And according to
> the Twitter OAuth FAQ, the token never expires unless revoked by the
> user or the app itself is de-authorized by Twitter.
>
> My question at last is then, what are good practices for the 3rd party
> site? Should the site request the user to reauthorize with Twitter
> each & every time he/she comes to the site? Should the 3rd party site
> have its own login/username/password for users and store the token in
> a database? Should it offer to store the token as a cookie on the
> user's computer?
>
> I played with twitgoo.com, which asks a user to "Sign in & Update".
> If I authorize & close the browser, and then start the browser again
> and go to the site, I'm still "logged in"; without having asked if it
> should keep me logged in. That doesn't seem so good if the user is on
> a shared computer.
>
> SO -- is there any common consensus on how maintaining user info/
> tokens should be done?
>
> Thanks for any feedback,
>
> Paul
>

--
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi
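One way to apply the approach discussed in this thread, as an added example that is not part of the original messages: the access token is kept in the site's database, and the browser holds only a session cookie that is dropped when the browser closes, which addresses the shared-computer concern. The table name, function names and sample values are hypothetical, and the code assumes PHP 7.3+ with the PDO SQLite driver.

```php
<?php
declare(strict_types=1);

// Token store: access tokens live only in the server-side database.
function open_token_store(string $dsn = 'sqlite::memory:'): PDO {
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS twitter_tokens (
        twitter_user_id TEXT PRIMARY KEY,
        oauth_token TEXT NOT NULL,
        oauth_token_secret TEXT NOT NULL)');
    return $db;
}

// Call from the OAuth callback once Twitter has returned the access token.
function remember_user(PDO $db, string $userId, string $token, string $secret): void {
    $stmt = $db->prepare('INSERT OR REPLACE INTO twitter_tokens VALUES (?, ?, ?)');
    $stmt->execute([$userId, $token, $secret]);

    // lifetime 0: the cookie is discarded when the browser closes.
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true);              // fresh session id at sign-in
    $_SESSION['twitter_user_id'] = $userId;   // the token itself never goes in a cookie
}

// Look up the stored token for whoever owns the current session.
function tokens_for_session(PDO $db): ?array {
    if (empty($_SESSION['twitter_user_id'])) {
        return null;   // not signed in: send the user through Sign in with Twitter
    }
    $stmt = $db->prepare('SELECT oauth_token, oauth_token_secret
                          FROM twitter_tokens WHERE twitter_user_id = ?');
    $stmt->execute([$_SESSION['twitter_user_id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Signing out ends the browser session; the stored token stays for the next sign-in.
function sign_out(): void {
    $_SESSION = [];
    session_destroy();
}

// Constructed sample values, not real credentials.
$db = open_token_store();
remember_user($db, '12345', 'SAMPLE-ACCESS-TOKEN', 'SAMPLE-TOKEN-SECRET');
var_dump(tokens_for_session($db) !== null);
sign_out();
var_dump(tokens_for_session($db));
```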
