> Not sure I totally like this idea. Seems almost like double authentication > to me. > The user has to still sign in via the web to replicate the app and then we > have to fetch an access token > again by asking for their credentials?? So its like doing a 3-legged dance + > the xAuth.
No. The process generates a user access token along with a new "child" app key in one step. There is no additional xAuth step, and I suspect Twitter won't want xAuth-enabled app keys to be "childed" in any case. Like any user token, it does not expire until the user revokes it, which I assume in this case will probably never occur since it can only ever be used by the app key "child" instance they themselves generated. -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Put down your guns, it's Weasel Stomping Day! ------------------------------