The tokens you get back from authenticate and authorize are permanent and do not expire. They will continue to work unless the user revokes your application, you regenerate your applications consumer key/secret, or your application is deleted or suspended.
The tokens you get back will be the same from /authenticate and /authorize so long as none of the conditions above occur. Hope that helps, Matt On Thu, Sep 2, 2010 at 1:39 PM, Tom van der Woerdt <i...@tvdw.eu> wrote: > On 9/2/10 8:24 PM, Jonathan del Strother wrote: >> Hi, >> Our site offers cross-site logins using Twitter's authentication oauth >> url, and also has post-to-twitter functionality using the >> authorization url. To what extent are the tokens obtained from either >> of these interchangeable? It seems like I can use an authentication >> token to post tweets, for example. Is this guaranteed to stay like >> this, or must I get both authentication & authorization if I want to >> log a user in from their twitter account, and also post stuff to their >> twitter account? >> >> -Jonathan >> > > Hi Jonathan, > > Not 100% sure what you mean, but if you are talking about the difference > between "/oauth/authenticate" and "/oauth/authorize", then don't worry, > tokens are tokens :-) > > Tom > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk?hl=en > -- Matt Harris Developer Advocate, Twitter http://twitter.com/themattharris -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en