On Fri, Sep 3, 2010 at 11:29, Ken <k...@cimas.ch> wrote:

> What is the risk of storing a token? It can't be used outside your
> app.

Much less risk than having users register with your app with a password.

> This is for sites that manage users. There's no need for a
> registration flow, at least one that is apparent to the user.
> For new users, send them to Twitter for a one-time Oauth roundtrip.
> Upon receipt of the token, create a user in your system, assign them a
> password and use it to log them in. Provide them this password, and/or
> let them change it. That's pretty pain-free account creation.

Having users set up a password is a registration flow. You then also have to
set up a mechanism for when they forget their password, keep the password
safe, etc. Better than most sign up processes but it is still "yet another

> If you need to associate an existing logged-in user with their Twitter
> account, send them to twitter for Oauth once. When they return they'll
> still be logged in and you'll have the credentials for future use.

Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list