What is OAuth?
OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net or in the excellent Beginner’s Guide to OAuth from Hueniverse.
How long does an access token last?
Access tokens are not explicitly expired. An access token will be invalidated if a user explicitly revokes an application in their Twitter account settings, or if Twitter suspends an application. If an application is suspended, there will be a note on the apps.twitter.com page stating that it has been suspended.
What if an access token becomes invalid?
Assume a user’s access token may become invalid at any time. If this happens, prompt the user to re-authorize the application. Ensuring that this situation is handled gracefully is important for a good user experience.
The application registration page asks about read/write access. What constitutes a write?
Many users trust an application to read their information, but not necessarily to change their user profile information or post new statuses. Updating information via the Twitter API - be it name, location or adding a new status - requires an HTTP POST. Any API method that requires an HTTP POST is considered a write method and requires read & write access.
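The two rules above (a token can become invalid at any time; any POST is a write) can be enforced in one client wrapper. The sketch below is an added example, not Twitter's code: the ApiClient class, the paths, the fake transport and the use of HTTP 401 to signal an invalid token are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

class ReauthorizationRequired(Exception):
    """No usable token for this user: send them through OAuth again."""

class InsufficientAccess(Exception):
    """The token was granted read-only access but the call is a write."""

@dataclass
class ApiClient:  # hypothetical wrapper, not a real SDK class
    transport: Callable  # (method, path, token) -> (status, body)
    tokens: dict = field(default_factory=dict)  # user -> (token, access level)

    def call(self, user, method, path):
        if user not in self.tokens:
            raise ReauthorizationRequired(user)
        token, access = self.tokens[user]
        # Page rule: every HTTP POST is a write and needs read & write access.
        if method.upper() == "POST" and access != "read-write":
            raise InsufficientAccess(f"{method} {path} needs read-write")
        status, body = self.transport(method, path, token)
        if status == 401:  # assumption: an invalid token is reported as 401
            # Drop the dead credential so it is never retried or left in storage.
            self.tokens.pop(user, None)
            raise ReauthorizationRequired(user)
        return body

REVOKED = {"tok-bob"}  # constructed sample: tokens the user has revoked

def fake_transport(method, path, token):
    """Offline stand-in for the HTTP layer (constructed for this example)."""
    if token in REVOKED:
        return 401, "invalid token"
    return 200, f"{method} {path} ok"

def demo():
    client = ApiClient(fake_transport, {"alice": ("tok-alice", "read"),
                                        "bob": ("tok-bob", "read-write")})
    out = [client.call("alice", "GET", "/profile")]
    for user, method in (("alice", "POST"), ("bob", "POST"), ("bob", "GET")):
        try:
            out.append(client.call(user, method, "/statuses"))
        except (ReauthorizationRequired, InsufficientAccess) as exc:
            out.append(type(exc).__name__)
    return out, sorted(client.tokens)

if __name__ == "__main__":
    print(demo())
```

The caller catches ReauthorizationRequired at the UI layer and restarts the authorization flow, rather than retrying with the stored token.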