Scribe - don't ask for permission when the application has already been accepted

Question

I'm using Scribe for login with google and Twitter. It works nicely, but I would like to allow the application to connect directly without the user's intervention if he already accepted it.

Is it possible with Scribe ? If yes, how can I do that ?

Answer 1

Yes. You can save the access_token and access_token_secret anywhere (db, key-value storage, session, etc) and use them until they expire (they are longlived for most providers).

EDIT (answer to the comments)

I guess you have a way of identifying your users, assuming this is called user_id, I'd store it in a persistent medium (not a session), something like this:

user_id

access_token

access_token_secret

Then, fetch the token and secret from the medium, and re-create the token with:

new Token(access_token, access_token_secret);

Answer 2

Yes. Use the following value of the authorize url for twitter:

Scribe scribe = new ServiceBuilder()
                .provider(org.scribe.builder.api.TwitterApi.class)
                .apiKey(...)
                .apiSecret(...)
                .callback(...);
Token requestToken = scribe.getRequestToken();
String authorizationUrl = "https://twitter.com/oauth/authenticate?oauth_token="
      + requestToken.getToken();
// and redirect user to the authorization URL
// twitter will redirect it back to the callback URL if 
// the user has already been authorized your app.