Hi Rich, You are correct on most points here: the access token does not expire until the user explicitly revokes it.
Twitter doesn't offer any kind of lifecycle events at the moment that can directly tell your application when a user has revoked their token. Instead, you'll just get an appropriate HTTP status code when you attempt to use an expired/revoked access token. Today access tokens tend to be deterministic, but they should always be considered as opaque identifiers. One should never rely on the access token being the same for the same user through multiple access token negotiations. Always assume that the only valid access token & secret pairing is the one provided to you through the access token OAuth step at the time of execution. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 1, 2010 at 2:08 PM, Rich <richard.frain...@gmail.com> wrote: > I have a basic question about token lifespan management. > > I am using TweetSharp 1.0 with a WPF 3.0 C# application. > > I request that the user allow the desktop application to update their > status at certain times in our application workflow. If the user > grants permission, I store the access token and access token secret in > the registry for use in future sessions. > > I believe the token does not expire, but can be revoked by a user. > > If the user subsequently revokes the application's permission outside > of the WPF application, I would like to understand this and dispose > the access token and access token secret. What is the best way to do > this? > > Finally, if the user reauthorizes the application to update their > status, will the user-application token pair remain the same? (That > is, if they reauthorize from within Twitter, can I recover the token > pair?) > > > -- > To unsubscribe, reply using "remove me" as the subject. >