really ? so, if users lost their access token, application must request again and users will input the pin code again. is that so ?
2009/12/1 Josh Roesslein <jroessl...@gmail.com> > Yeah that is pretty much the gist of it. > > On Tue, Dec 1, 2009 at 12:36 AM, Fauzil Hamdi <asfau...@gmail.com> wrote: > > correct me if i wrong : > > no access token yet : > > - request token > > - redirect to oauth/authorize with the token as parameter > > - users allow application to access their twitter > > - users get pin > > - users enter pin on j2me application > > - application try to get access token with pin (oauth_verifier) > > - application store the access token on device database > > has access token : > > - application get the access token from device database > > - application user the token to access twitter > > is like that ? > > > > 2009/12/1 Josh Roesslein <jroessl...@gmail.com> > >> > >> Responses to questions below. Hope it helps. > >> > >> Josh > >> > >> >> should i get request token everytime user want to login ? > >> > >> You must fetch a request token when ever you begin a new OAuth > handshake. > >> You need this to build the authorization redirect url which sends the > user > >> to > >> twitter to authorize your application. > >> > >> >> should user enter pin code everytime ? > >> > >> The user must provide you with the PIN code if you are not using > callback > >> URLs. > >> This being a j2me application, you will probably just be using the PIN > >> method, so > >> you don't need to worry about callbacks for now. > >> > >> >> should i get access token everytime ? > >> > >> No. Once the user has authorized you just re-use the access token. The > >> only time > >> you need to re-do the handshake is if the access token gets revoked. > >> > >> >> if no, how to authenticate user ? should i save the access token on > my > >> >> database ? > >> > >> You wil want to probably store the access token on the device. So when > >> ever you application > >> accesses twitter look to see if you have an access token. If not do > >> the OAuth handshake. > > > > >