I'm currently developing an iPhone app that interfaces with Twitter.
On initial purchase and setup, the application would function
completely independent of our service, interacting directly with
Twitter, and can continue to be used without our service. This is the
typical use case of xAuth, so no problems here.
However, if the user chooses, our server will monitor Twitter on
behalf of the user for the purpose of sending push notifications. This
choice would be opt-in, obvious in function and be described clearly.
For the best user experience, I'd like to be able to just pass the
OAuth tokens to the server for its use, rather than requiring the user
to go through an additional round of authentication. Is this
acceptable, or would I need to force the user to go through a round of
I tried to research this a bit, but didn't see anything that directly
addresses this issue. Thanks for any advice!