On Fri, Sep 3, 2010 at 11:29, Ken <k...@cimas.ch> wrote:

> What is the risk of storing a token? It can't be used outside your
> app.

Much less risk than having users register with your app with a password.

> This is for sites that manage users. There's no need for a
> registration flow, at least one that is apparent to the user.
>
> For new users, send them to Twitter for a one-time OAuth roundtrip.
> Upon receipt of the token, create a user in your system, assign them a
> password and use it to log them in. Provide them this password, and/or
> let them change it. That's pretty pain-free account creation.

Having users set up a password is a registration flow. You then also have to set up a mechanism for when they forget their password, keep the password safe, etc. Better than most sign up processes but it is still "yet another password".

> If you need to associate an existing logged-in user with their Twitter
> account, send them to Twitter for OAuth once. When they return they'll
> still be logged in and you'll have the credentials for future use.

Abraham
-------------
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.