views: 34
answers: 2

I have two questions (does that violate etiquette?) surrounding Twitter authentication.

The first question is this. I'd like to store the access token that I receive, but it is a dictionary object. Do I store the whole dictionary object or just some of the pertinent parts?

Secondly, I'd like to know how to log the user out. I found this link that would help log a user out of Facebook - is there anything similar to this for Twitter (or is this logout method a bad idea)? http://m.facebook.com/logout.php?confirm=1&next=

+1  A: 

You need the access token key and secret to be able to access the API. It doesn't really matter how you store it as long as you store it somehow. The application you are giving access to will have a way of storing the data, unless you are creating a new OAuth application or adding support to an existing application, in which case you will want to store the key and secret using whatever key/value system is idiomatic (the right way) for that language (e.g. pickling, or a config file for Python).

The consumer (application) that is given the key and secret will have access to twitter on the user's behalf.

To revoke a particular access key, you login to twitter as the user and go to http://twitter.com/settings/connections. Each application that has a valid access token is listed on that page and can be revoked. Consumers are not really ever logged in like users are, they authenticate using the access key and secret.

kanaka
Thank you - this is some good information.
swasheck
+2  A: 

What you need to understand is that the OAuth protocol does not define "login" and "logout" concepts, those are inherent to your application. OAuth is a protocol to allow a consumer (your application) to access a resource owner's (one of your users) data stored by a resource provider (in this case, Twitter).

Do I store the whole dictionary object or just some of the pertinent parts?

As far as I know, you only need to store the access token to be able to continue making inquiries to the server for the resources you requested (requesting new resources might require getting another access token). Keep in mind that this token may expire, and may be revoked at any time by the user directly through Twitter, and without your knowledge. This is by design in OAuth.

I'd like to know how to log the user out

There is no "session" in OAuth, that is a concept relevant to your application.

André Caron
Thank you very much. That was quite helpful.
swasheck
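The two answers above both come down to the same application-side mechanics: keep only the access token key and secret out of the dictionary, keep them somewhere idiomatic and not world-readable, treat "logout" as forgetting the stored token, and expect Twitter to stop honouring the token (expired, or revoked by the user at twitter.com/settings/connections) without telling you. The following is an added example that is not part of either answer or of any Twitter library; the file name, the `TokenStore` class, the `call_twitter` helper and the fake `do_request` callable used in `demo()` are all assumptions made for illustration. The dictionary keys `oauth_token` and `oauth_token_secret` are the names Twitter's OAuth 1.0a access-token response uses.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical file name for the stored credentials; not from the original answers.
TOKEN_FILE = "twitter_token.json"


class TokenStore:
    """Persist only the two values the answers say you need: the access
    token key and its secret. Everything else in the dictionary is dropped."""

    def __init__(self, path):
        self.path = Path(path)

    def save(self, access_token):
        # Keep the pertinent parts of the dictionary the OAuth library returned.
        data = {
            "oauth_token": access_token["oauth_token"],
            "oauth_token_secret": access_token["oauth_token_secret"],
        }
        # Write to a temp file and rename, so a crash never leaves a half-written file.
        fd, tmp = tempfile.mkstemp(dir=str(self.path.parent), prefix=".tok-")
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh)
        # The secret grants Twitter access on the user's behalf: owner read/write only.
        os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)
        os.replace(tmp, self.path)

    def load(self):
        if not self.path.exists():
            return None
        with open(self.path) as fh:
            return json.load(fh)

    def logout(self):
        """OAuth has no logout; forgetting the token is the application's
        equivalent. Returns True if a token was actually removed."""
        try:
            self.path.unlink()
            return True
        except FileNotFoundError:
            return False


def call_twitter(store, do_request):
    """do_request(key, secret) performs an OAuth-signed request and returns
    (status_code, body). A 401 means Twitter no longer honours the token
    (expired or revoked by the user), so forget it instead of retrying."""
    token = store.load()
    if token is None:
        return "not_authorized", None
    status, body = do_request(token["oauth_token"], token["oauth_token_secret"])
    if status == 401:
        store.logout()
        return "token_revoked", None
    return "ok", body


def demo():
    """Round trip in a temp directory with a constructed token dictionary and a
    fake do_request, so this runs offline. Returns the observations as a dict."""
    workdir = tempfile.mkdtemp()
    store = TokenStore(os.path.join(workdir, TOKEN_FILE))
    # Constructed sample: the shape of an access-token dictionary, with extra keys.
    access_token = {
        "oauth_token": "example-key",
        "oauth_token_secret": "example-secret",
        "user_id": "12345",
        "screen_name": "example",
    }
    store.save(access_token)
    results = {
        "stored": store.load(),
        "mode": stat.S_IMODE(os.stat(store.path).st_mode),
        "ok_call": call_twitter(store, lambda k, s: (200, "timeline")),
        # Simulate the user revoking the application at twitter.com/settings/connections.
        "revoked_call": call_twitter(store, lambda k, s: (401, "Unauthorized")),
        "after_revoke": store.load(),
        "call_without_token": call_twitter(store, lambda k, s: (200, "timeline")),
        "second_logout": store.logout(),
    }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The permission check in `demo()` is meaningful on POSIX systems only; on Windows `os.chmod` can only toggle the read-only bit, so use the platform's credential store there instead of a plain file.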