Question

I have successfully implemented Twitter OAuth integration in my web project, which allows a user to register and/or sign in using his Twitter account. I made use of this library:

http://twitteroauth.labs.poseurtech.com/connect.php

I simply followed the steps in the documentation:

http://github.com/abraham/twitteroauth/blob/master/DOCUMENTATION

Although it works just fine, there is one thing I do not fully understand. It concerns step 7, where we are getting "long lasting credentials". The document suggests storing those credentials in a database.

It is not clear to me what the purpose of that would be. Would it mean that as long as the user has a session, I can use that token to access the Twitter REST API? So would it effectively be a session token?

Or, would it be more permanent than a session? If so, I fail to understand how to use this long lasting token, as in a signin scenario, I first need to know who the user is (which requires all of the previous steps), before I can make any API calls?

What is the purpose of storing these long lasting tokens, and how to use them?


Solution

The purpose of storing long lasting tokens is if your users use a different mechanism of authentication from Sign in with Twitter, or if you need to perform actions on their Twitter account while they don't have an active session. For example, if your users authenticate with OpenID or username/password, you don't want to make them go through the Sign in with Twitter flow every time they come back to your site. If you provide a service to, say, poll an RSS feed and tweet new entries, you need to store the tokens, as the user will not maintain an active session with the site. You will need to store the tokens associated with the user in a database so you know which tokens belong to whom.
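The two uses described in this answer, mapping a returning Twitter identity to a local account and calling the API for a user who has no session, as an added example in Python (it is not code from the twitteroauth library or from the answer above). The table layout, the function names, and the consumer/token values are constructed assumptions; the step-7 dictionary mirrors the fields twitteroauth's getAccessToken() returns (user_id, screen_name, oauth_token, oauth_token_secret). The signing routine implements standard OAuth 1.0a HMAC-SHA1, which is what a stored token pair is ultimately used for:

```python
"""Persist Twitter OAuth 1.0a access tokens per user and reuse them without a session.

Added example, not twitteroauth library code. Table layout, function names and the
sample keys/tokens below are assumptions or constructed values.
"""
import base64
import hashlib
import hmac
import secrets
import sqlite3
import time
from urllib.parse import quote


def pct(value):
    """Percent-encode per RFC 3986 (only unreserved characters left alone), as OAuth 1.0a requires."""
    return quote(str(value), safe="")


class TokenStore:
    """Long-lived credentials from step 7 (getAccessToken), keyed by the Twitter account id."""

    def __init__(self, conn):
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS twitter_tokens ("
            "twitter_user_id TEXT PRIMARY KEY, local_user_id INTEGER NOT NULL, "
            "screen_name TEXT NOT NULL, oauth_token TEXT NOT NULL, "
            "oauth_token_secret TEXT NOT NULL, stored_at INTEGER NOT NULL)"
        )

    def save(self, local_user_id, access_token):
        """Store the pair returned in step 7. Re-authorising replaces the previous pair,
        so the row always holds whatever Twitter issued most recently."""
        self.conn.execute(
            "INSERT OR REPLACE INTO twitter_tokens VALUES (?, ?, ?, ?, ?, ?)",
            (str(access_token["user_id"]), local_user_id, access_token["screen_name"],
             access_token["oauth_token"], access_token["oauth_token_secret"], int(time.time())),
        )
        self.conn.commit()

    def local_user_for(self, twitter_user_id):
        """Sign-in scenario: the OAuth dance yields a Twitter user_id; map it to our own account."""
        row = self.conn.execute(
            "SELECT local_user_id FROM twitter_tokens WHERE twitter_user_id = ?",
            (str(twitter_user_id),),
        ).fetchone()
        return row[0] if row else None

    def credentials_for(self, local_user_id):
        """Offline scenario: fetch the stored pair for a user who has no browser session."""
        row = self.conn.execute(
            "SELECT oauth_token, oauth_token_secret FROM twitter_tokens WHERE local_user_id = ?",
            (local_user_id,),
        ).fetchone()
        return (row[0], row[1]) if row else None


def sign_request(method, url, params, consumer_key, consumer_secret,
                 oauth_token, oauth_token_secret, nonce=None, timestamp=None):
    """Build the OAuth 1.0a Authorization header (HMAC-SHA1) for one API call.
    Returns (header, signature_base_string); the base string is exposed so it can be checked."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": oauth_token,
        "oauth_version": "1.0",
    }
    # Normalise: encode keys and values, sort by encoded key (then value), join with '&'.
    pairs = sorted((pct(k), pct(v)) for k, v in {**params, **oauth}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # Signing key: both secrets, each percent-encoded, joined with '&'. The stored token
    # secret is half of this key, so it deserves the same protection as a password.
    key = f"{pct(consumer_secret)}&{pct(oauth_token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return header, base


def demo():
    """Walk through both scenarios with constructed values (not real keys or tokens)."""
    store = TokenStore(sqlite3.connect(":memory:"))
    step7 = {"user_id": 12345, "screen_name": "alice",
             "oauth_token": "12345-TOKEN", "oauth_token_secret": "TOKENSECRET"}
    store.save(local_user_id=7, access_token=step7)
    # Later visit: Twitter reports user_id 12345, so we log in account 7 without re-registering.
    local_user = store.local_user_for(12345)
    # Later background job (e.g. tweeting a new RSS entry) while the user has no session at all.
    token, secret = store.credentials_for(7)
    header, base = sign_request(
        "POST", "https://api.twitter.com/1.1/statuses/update.json",
        {"status": "New post: Hello & welcome"},
        "CONSUMERKEY", "CONSUMERSECRET", token, secret,
        nonce="abc123", timestamp=1318622958,  # fixed so the base string is reproducible
    )
    return {"local_user": local_user, "unknown": store.local_user_for(999),
            "header": header, "base": base}


if __name__ == "__main__":
    print(demo()["header"])
```

The store is keyed by the Twitter user id rather than by screen name because screen names can change while the numeric id does not. A plain SQLite column is used only to keep the example self-contained; in a real deployment the oauth_token_secret column should be encrypted at rest or otherwise handled like password material, since anyone who reads it can sign requests as that user until the token is revoked.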

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow