The user should authorize both applications. Yes, you can store the token and secret. That's what most apps do.
On Oct 30, 2009, at 3:15 AM, YCBM <youcannotb...@gmail.com> wrote: > > Hi All, > > New to Twitter oAuth. We're building an app which will use the oAuth > system vs. basic auth. As we're hoping that our app will be > integrated into other Twitter apps that support oAuth, is there a way > that if a user is authenticated by signing into the original app that > they can hand that off that authorization to my app? After processing > some data, we send back an XML response to the calling app. Does the > user need to give permission to our app separately? > > Also, we're using Abraham's twitteroauth as a starting point which > seems to work well. > > Can the token and secret be stored for that user or is that a security > concern? > > Thanks > ycbm