What is the risk of storing a token? It can't be used outside your app. This is for sites that manage users. There's no need for a registration flow, at least one that is apparent to the user.
For new users, send them to Twitter for a one-time Oauth roundtrip. Upon receipt of the token, create a user in your system, assign them a password and use it to log them in. Provide them this password, and/or let them change it. That's pretty pain-free account creation. If you need to associate an existing logged-in user with their Twitter account, send them to twitter for Oauth once. When they return they'll still be logged in and you'll have the credentials for future use. On Sep 3, 6:57 pm, Abraham Williams <[email protected]> wrote: > If i don't want to manage an authentication system, risk storing passwords, > make users go through the paint of yet another registration flow then I > might consider just using Sign in with Twitter every time someone sign into > my site. > > Abraham > ------------- > Abraham Williams | Hacker Advocate |http://abrah.am > @abraham |http://projects.abrah.am|http://blog.abrah.am > This email is: [ ] shareable [x] ask first [ ] private. > > On Fri, Sep 3, 2010 at 09:47, Bernd Stramm <[email protected]> wrote: > > On Fri, 3 Sep 2010 01:27:34 -0700 (PDT) > > Ken <[email protected]> wrote: > > > > I thought I had found a solution, albeit a horrendously ugly one: > > > redirect them tohttp://twitter.com/logout, but even that doesn't > > > work. > > > > If you are looking for reliable, don't log them in with OAuth - except > > > once, the first time, when you store their token. > > > Indeed. > > > If you already have the token, why would you make them log in? > > > If you get a new token every time they visit your 3rd party ("consumer") > > site, you generate a lot of authorized tokens, ALL of which are valid > > for the rest of eternity, or until twitter decides that it should be > > possible to invalidate tokens. > > > Bernd > > > -- > > Bernd Stramm > > [email protected] > > > -- > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > API updates via Twitter:http://twitter.com/twitterapi > > Issues/Enhancements Tracker: > >http://code.google.com/p/twitter-api/issues/list > > Change your membership to this group: > >http://groups.google.com/group/twitter-development-talk?hl=en > > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
