views:

449

answers:

5

I have a Twitter web app that allows users to submit tweets from my site. However, they have to re-login every time they submit a new tweet. Is there a way to save the OAuth session and not prompt the login screen until users clear their browser cache?

A: 

You need two DB tables called user and user_tokens. Inside user you have: id, user_oauth_secret, user_oauth_token. Inside user_tokens you need these columns: id, user_id, token, created, expires. Make sure this token is unique (and long) with some random hash. Now you can save this token to the user's cookie and find the right OAuth data later.

antpaw
What's the purpose of the user_tokens table? Can't I store everything in the user table? Thanks
ulia
Because it's a 1:n relationship. A user can log in from different computers and still be logged in on the first one, unless time() > expires.
antpaw
I see. So which of the stored user tokens is sent to Twitter? Is it user_oauth_secret? Which one is for the cookie?
ulia
OK, so is this right? My app checks the user's browser for a cookie; if it matches user_token.token and it's not expired, send the corresponding user.user_oauth_secret.
ulia
I think you need user_oauth_secret and user_oauth_token to successfully auth to Twitter. You need to save them after the user logs in (they are sent as GET vars from Twitter). You are right about the cookie.
antpaw
What if a user has two Twitter accounts (and uses the same browser)? How would my site tell which Twitter account he is currently signed in to?
ulia
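The two-table design antpaw describes, as an added example that is not part of the original thread. The table and column names follow the answer; the SQLite in-memory store, the SESSION_TTL value, hashing the cookie token before storing it, and the HttpOnly/Secure cookie attributes are my additions, not something the answer specifies.

```python
import hashlib
import secrets
import sqlite3
import time

# Hypothetical session lifetime; the "expires" column is what enforces it.
SESSION_TTL = 30 * 24 * 3600


def open_store(path=":memory:"):
    """Create the two tables from the answer: user and user_tokens (1:n)."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS user (
        id INTEGER PRIMARY KEY,
        user_oauth_token  TEXT NOT NULL UNIQUE,
        user_oauth_secret TEXT NOT NULL)""")
    # token_hash holds a hash of the cookie value, never the value itself.
    conn.execute("""CREATE TABLE IF NOT EXISTS user_tokens (
        id INTEGER PRIMARY KEY,
        user_id    INTEGER NOT NULL REFERENCES user(id),
        token_hash TEXT NOT NULL UNIQUE,
        created    INTEGER NOT NULL,
        expires    INTEGER NOT NULL)""")
    return conn


def save_twitter_user(conn, oauth_token, oauth_token_secret):
    """Store (or refresh) the access token pair Twitter hands back on the callback.
    One row per Twitter account; returns the user id."""
    row = conn.execute("SELECT id FROM user WHERE user_oauth_token = ?",
                       (oauth_token,)).fetchone()
    if row:
        conn.execute("UPDATE user SET user_oauth_secret = ? WHERE id = ?",
                     (oauth_token_secret, row[0]))
        return row[0]
    cur = conn.execute(
        "INSERT INTO user (user_oauth_token, user_oauth_secret) VALUES (?, ?)",
        (oauth_token, oauth_token_secret))
    return cur.lastrowid


def _token_hash(raw):
    # Storing only the hash means a leaked DB dump does not yield usable cookies.
    return hashlib.sha256(raw.encode()).hexdigest()


def issue_session(conn, user_id, now=None, ttl=SESSION_TTL):
    """Mint a long random session token for the cookie; a user may hold several."""
    now = int(time.time()) if now is None else now
    raw = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    conn.execute(
        "INSERT INTO user_tokens (user_id, token_hash, created, expires) "
        "VALUES (?, ?, ?, ?)",
        (user_id, _token_hash(raw), now, now + ttl))
    return raw


def resolve_session(conn, raw, now=None):
    """Map a cookie value back to the Twitter credentials, or None if unknown/expired."""
    if not raw:
        return None
    now = int(time.time()) if now is None else now
    row = conn.execute("""
        SELECT u.id, u.user_oauth_token, u.user_oauth_secret, t.expires
        FROM user_tokens t JOIN user u ON u.id = t.user_id
        WHERE t.token_hash = ?""", (_token_hash(raw),)).fetchone()
    if row is None:
        return None
    user_id, oauth_token, oauth_secret, expires = row
    if now > expires:              # the "time() > expires" rule from the comments
        revoke_session(conn, raw)  # garbage-collect the stale row
        return None
    return {"user_id": user_id, "oauth_token": oauth_token,
            "oauth_token_secret": oauth_secret}


def revoke_session(conn, raw):
    """Log out this browser only; other sessions of the same user stay valid."""
    cur = conn.execute("DELETE FROM user_tokens WHERE token_hash = ?",
                       (_token_hash(raw),))
    return cur.rowcount


def session_cookie(raw, ttl=SESSION_TTL):
    """Set-Cookie value: the browser holds only the random token, never the OAuth secret."""
    return f"sid={raw}; Max-Age={ttl}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

On the two-accounts question: each Twitter account is its own row in user, and a cookie resolves to exactly one user_tokens row, so the account the cookie points at is whichever one was authorized last in that browser; authorizing the other account issues a fresh session token that replaces the cookie. The cookie only ever carries the random session token, so the OAuth token and secret never leave the server.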
+3  A: 

When you get the callback from Twitter after the user has validated you, you'll receive an auth_token in the headers of the request; you're meant to cache that token, and supply it every time the user makes a request.

It sounds like you're not caching that token and supplying it when the user makes a request.

James Polley
So many tokens, so confusing :) So the one I need to cache is the auth_token of that user?
ulia
Right. The one you get after the accessToken call.
Monis Iqbal
A: 

You have to maintain a long session with the user and save the access tokens. Cookies are commonly used to recognize users.

abraham
A: 

You need to store two tokens.

When you make the OAuth request the first time, it will show the Twitter auth screen. After auth, your OAuth callback page will get two query string parameters, "oauth_token" and "oauth_token_secret" for the user. You need to store these (probably in a database) somewhere.

Then, when you request OAuth permission again from Twitter, send the two tokens, and the user will automatically be authorized.

You shouldn't have to code this yourself. There are plenty of OAuth libraries out there.

gerard
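To show what happens to the stored pair on each later request, here is an added example of OAuth 1.0a HMAC-SHA1 request signing; it is not gerard's code or any library's. The oauth_token goes into the Authorization header, while the oauth_token_secret (read from your database) only keys the signature and is never transmitted. The sample credentials, nonce and timestamp are constructed values, and the endpoint URL is illustrative.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0a requires: only A-Z a-z 0-9 - . _ ~ stay bare."""
    return quote(str(value), safe="")


def signature_base_string(method, url, params):
    """METHOD & encoded-URL & encoded(sorted 'k=v' pairs joined by '&').
    params is a plain dict, so this assumes no repeated parameter names."""
    encoded = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(url), pct(param_string)])


def sign(base_string, consumer_secret, oauth_token_secret):
    """HMAC-SHA1 over the base string, keyed by 'consumer_secret&token_secret'."""
    key = f"{pct(consumer_secret)}&{pct(oauth_token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_authorization_header(method, url, request_params,
                               consumer_key, consumer_secret,
                               oauth_token, oauth_token_secret,
                               nonce=None, timestamp=None):
    """Return (Authorization header value, signature base string) for one request.

    oauth_token travels in the header; oauth_token_secret only feeds the HMAC key."""
    oauth_params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_token": oauth_token,
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, {**request_params, **oauth_params})
    oauth_params["oauth_signature"] = sign(base, consumer_secret, oauth_token_secret)
    header = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth_params.items()))
    return header, base


# Constructed sample values (not real credentials); the endpoint URL is illustrative.
SAMPLE = dict(
    method="POST",
    url="https://api.twitter.com/1.1/statuses/update.json",
    request_params={"status": "Hello Ladies + Gentlemen, a signed OAuth request!",
                    "include_entities": "true"},
    consumer_key="ck-example", consumer_secret="cs-example",
    oauth_token="user-token", oauth_token_secret="user-secret",
    nonce="nonce123", timestamp=1318622958,
)

if __name__ == "__main__":
    hdr, base = build_authorization_header(**SAMPLE)
    print(base)
    print(hdr)
```

In production use a maintained OAuth library, as gerard suggests; this block shows what such a library does with the two stored values, and why a database that holds user_oauth_secret must be protected as carefully as the consumer secret itself.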
+2  A: 

You need to store the oauth_token; you can use the same one for all requests.

From the FAQ of the Twitter API:

How long does an access token last?

We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.

BrunoLM
