On 8/13/10 12:15 PM, Krot Vyacheslav wrote: > Hello, all! > I am a newbie to twitter api, so i have a simple question. I'm making > single sign on with twitter on my site. Everything works fine, but one > thing reallly annoyes me! If the client is signed in twitter and has > already granted access to my application twitter asks him again after > redirect during request authorization phase. Can I eliminate it > somehow? Can twitter just immediately redirect user back with > auth_token and verifier without asking questions? > Perhapse I'm doing something completely wrong?
No, you can't. An alternative would be to store the oauth data *encrypted* in a cookie, and check whether the cookie is valid. However, this may be a security threat: cookies can be stolen, so they should only work on one computer. I wouldn't recommend limiting it to one IP, but it is an option. Tom