Auto Authorize Twitter Web App

Question

I am using Oauth to create a way for users of our website to login using their twitter account. However, It's quite annoying that everytime they click to sign in with their twitter account they have to grant access each and every time.

Couldn't it work so that if it has been granted once they don't have to keep granting access? Therefore removing a step. I'm using the steps found in:

http://net.tutsplus.com/tutorials/php/how-to-authenticate-users-with-twitter-oauth/

Thanks for any feedback!

Answer 1

I found the answer after talking to some developers on twitterapi irc

Bascially I was going to https://twitter.com/oauth/authorize with all my oauth, what I need to do was go to https://twitter.com/oauth/authenticate instead. That then gives forever authorization.

Answer 2

When the users connects, you receive an access token and a secret token, which are used every time you ask anything to the Twitter API.

If you wan't your users to stay connected to twitter, you only have to save in your database those two tokens. (They are user specific, don't use one token for every user). When you know these tokens, you don't need to ask the user to grant access, you can directly use them to call the API.

If a user removes rights for your application, you won't be able to use his tokens any more, and you will have to ask him to grant access a new time.

Answer 3

You need to start the token / token secret you get in a database or other long term storage method. Then you pass it into the object that does the OAuth authentication so you don't have to keep asking your user. With PHP you can store them in a MySQL or similar database and load them into $_SESSION when the user logs in to pass the values.