I am writing a desktop application to easily allow a user to manage multiple Twitter accounts (Such as for promotional purposes) and easily switch between them without having to manually log out, then log back in again.
There are a lot of things not explained well with OAuth. 1. Can an application have multiple access tokens open at the same time, for different accounts? Or is the previous access token invalidated as soon as a new user is authorized? 2. If it can have multiple access tokens, are the Token and Token Secret the only information needed to authorize a request for a certain user? 3. When using the authorization headers and generating the base signature, are all of the authorization parameters (excluding oauth_signature) merged with the request parameters?
