Access Tokens, in Twitter's case, do not expire. According to the OAuth spec, they MAY expire, but do not have to. In Twitter's case, it seems they have decided to keep an access token valid until the access granted by said token is explicitly revoked by the user. Fetching a new access token in every session is not performant, and would require the user to approve access every time they signed in to your app.
On Wed, Oct 21, 2009 at 17:32, shawninreach <shawninre...@gmail.com> wrote: > > Im a little confused on why some people are saying you want to store > the access token after you get it. Dont you just want to keep it in > the session until the session expires or the user clears cookies? I > understand how to use the access token, im just confused on after the > session is expired your going to need to make the user click "I Allow" > later again and theres nothing that can be done about that and you > request new tokens so why store them in the database at all. Basically > im just trying to understand this process a bit more so I can safely > store only what I absolutely need to. Thanks guys for the help! > -- Internets. Serious business.
