What to do with twitter oauth token once retreived?

Posted by mcintyre321 on Stack Overflow See other posts from Stack Overflow or by mcintyre321
Published on 2010-05-12T16:31:10Z Indexed on 2010/05/12 16:34 UTC
Read the original article Hit count: 198

Filed under:
|
|

I'm writing a web app that will use twitter as its primary log on method. I've written code which gets the oauth token back from Twitter. My plan is now to

  1. Find the entry in my Users table for the twitter username retreived using the token, or create the entry if necessary
  2. Update the Users.TwitterOAuthToken column with the new OAuth token
  3. Create a permanent cookie with a random guid on the site and insert a record into my UserCookies table matching Cookie to User
  4. when a request comes in I will look for the browser cookie id in the UserCookies table, then use that to figure out the user, and make twitter requests on their behalf
  5. Write the oauth token into some pages as a js variable so that javascript can make requests on behalf of the user
  6. If the user clears his/her cookies the user will have to log in again to twitter

Is this the correct process? Have I created any massive security holes? thanks!

© Stack Overflow or respective owner

Related posts about oauth

Related posts about twitter