What is the risk of storing a token? It can't be used outside your
app.

This is for sites that manage users. There's no need for a
registration flow, at least one that is apparent to the user.

For new users, send them to Twitter for a one-time Oauth roundtrip.
Upon receipt of the token, create a user in your system, assign them a
password and use it to log them in. Provide them this password, and/or
let them change it. That's pretty pain-free account creation.

If you need to associate an existing logged-in user with their Twitter
account, send them to twitter for Oauth once. When they return they'll
still be logged in and you'll have the credentials for future use.

On Sep 3, 6:57 pm, Abraham Williams <4bra...@gmail.com> wrote:
> If i don't want to manage an authentication system, risk storing passwords,
> make users go through the paint of yet another registration flow then I
> might consider just using Sign in with Twitter every time someone sign into
> my site.
>
> Abraham
> -------------
> Abraham Williams | Hacker Advocate |http://abrah.am
> @abraham |http://projects.abrah.am|http://blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
> On Fri, Sep 3, 2010 at 09:47, Bernd Stramm <bernd.str...@gmail.com> wrote:
> > On Fri, 3 Sep 2010 01:27:34 -0700 (PDT)
> > Ken <k...@cimas.ch> wrote:
>
> > > I thought I had found a solution, albeit a horrendously ugly one:
> > > redirect them tohttp://twitter.com/logout, but even that doesn't
> > > work.
>
> > > If you are looking for reliable, don't log them in with OAuth - except
> > > once, the first time, when you store their token.
>
> > Indeed.
>
> > If you already have the token, why would you make them log in?
>
> > If you get a new token every time they visit your 3rd party ("consumer")
> > site, you generate a lot of authorized tokens, ALL of which are valid
> > for the rest of eternity, or until twitter decides that it should be
> > possible to invalidate tokens.
>
> > Bernd
>
> > --
> > Bernd Stramm
> > bernd.str...@gmail.com
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk?hl=en
>
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to