I am writing a desktop application to easily allow a user to manage
multiple Twitter accounts (Such as for promotional purposes) and
easily switch between them without having to manually log out, then
log back in again.
There are a lot of things not explained well with OAuth.
1. Can an application have multiple access tokens open at the same
time, for different accounts? Or is the previous access token
invalidated as soon as a new user is authorized?
2. If it can have multiple access tokens, are the Token and Token
Secret the only information needed to authorize a request for a
3. When using the authorization headers and generating the base
signature, are all of the authorization parameters (excluding
oauth_signature) merged with the request parameters?