Reputation: 33
While working on Twitter app, do we need to store user specific Access Token/Secret to our local database
I am working on a Twitter app. By going through the oAuth documentation and available scripts I am able to redirect the user to my callback uri and am receiving the user access object.
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
/* Get temporary credentials. */
$request_token = $connection->getRequestToken(OAUTH_CALLBACK);
What I understood is this is a permanent access object generated by twitter authorizing my app with this user. Do I need to save it in DB for further use. Is there any legal implications if I store user data.
My understanding is that we have to store the object in our DB and then use it when the user logs next time.
Can anyone confirm if this is the right approach. -Anand
Upvotes: 1
Views: 239
Answers (1)
Reputation: 16439
You can store the access_token in a DB - that's not user data. That's your personal access key to their account. If you were instead storing their username/password to their account, that may be a problem.
Upvotes: 1
Related Questions
- Should the access token in oAuth be generated every time the user logs in?
- Do I need to Authenticate Every API Request?
- Questions regarding use of Twitter-Oauth API in php
- TwitterOAuth Store Tokens for offline use
- Twitter OAuth - Storing Tokens in MySql
- Should you store Twitter OAuth oauth_token and oauth_token_secret?
- OAuth - embedding client secret in your application?
- Storing Twitter OAuth in MySQL
- Abraham's Twitter oAuth PHP Library - Store user access tokens in WordPress database?
- Best practices - store Twitter credentials or not?