On 8/13/10 12:15 PM, Krot Vyacheslav wrote:
> Hello, all!
> I am a newbie to twitter api, so i have a simple question. I'm making
> single sign on with twitter on my site. Everything works fine, but one
> thing reallly annoyes me! If the client is signed in twitter and has
> already granted access to my application twitter asks him again after
> redirect during request authorization phase. Can I eliminate it
> somehow? Can twitter just immediately redirect user back with
> auth_token and verifier without asking questions?
> Perhapse I'm doing something completely wrong?

No, you can't.

An alternative would be to store the oauth data *encrypted* in a cookie,
and check whether the cookie is valid. However, this may be a security
threat: cookies can be stolen, so they should only work on one computer.
I wouldn't recommend limiting it to one IP, but it is an option.

Tom

Reply via email to