Hello, Matt. > This would require the application to know the users credentials - Why? We already have authorized tokens. When authorized application is making requests to Twitter API your (Twitter) engine is know which user the application is on behalf of. So Twitter could give us a one-time token to open in a web browser.
For example, I have a friend whose page is closed for non-friends. That's why to open "Following" page I need to be authenticated, for example that way: >>sent to Twitter: GET /oauth/get_website_token HTTP/1.1 Authorization: OAuth ....... ... <<received from Twitter: HTTP/1.1 200 OK web_token=a7b078a62c1123a79e2c06ca37541a5a298d Now I can open a link in a browser: http://twitter.com/NotAPublicPerson/following?web_token=a7b078a62c1123a79e2c06ca37541a5a298d When the user will open this link in a browser he/she will automatically logged in, and a specified web_token will be expired. Any cons of such a method? -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en