Yeah that is pretty much the gist of it.
On Tue, Dec 1, 2009 at 12:36 AM, Fauzil Hamdi <asfau...@gmail.com> wrote: > correct me if i wrong : > no access token yet : > - request token > - redirect to oauth/authorize with the token as parameter > - users allow application to access their twitter > - users get pin > - users enter pin on j2me application > - application try to get access token with pin (oauth_verifier) > - application store the access token on device database > has access token : > - application get the access token from device database > - application user the token to access twitter > is like that ? > > 2009/12/1 Josh Roesslein <jroessl...@gmail.com> >> >> Responses to questions below. Hope it helps. >> >> Josh >> >> >> should i get request token everytime user want to login ? >> >> You must fetch a request token when ever you begin a new OAuth handshake. >> You need this to build the authorization redirect url which sends the user >> to >> twitter to authorize your application. >> >> >> should user enter pin code everytime ? >> >> The user must provide you with the PIN code if you are not using callback >> URLs. >> This being a j2me application, you will probably just be using the PIN >> method, so >> you don't need to worry about callbacks for now. >> >> >> should i get access token everytime ? >> >> No. Once the user has authorized you just re-use the access token. The >> only time >> you need to re-do the handshake is if the access token gets revoked. >> >> >> if no, how to authenticate user ? should i save the access token on my >> >> database ? >> >> You wil want to probably store the access token on the device. So when >> ever you application >> accesses twitter look to see if you have an access token. If not do >> the OAuth handshake. > >
