What is OAuth?
OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net or in the excellent Beginner’s Guide to OAuth from Hueniverse.
How long does an access token last?
We do not currently expire access tokens. An access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.
What do I do if an access token I have becomes invalid?
Plan for a user’s access token becoming invalid at any time; when it does, you will need to re-authorize for that user. Handling this situation gracefully is imperative for a quality user experience.
The application registration page asks about read/write access. What constitutes a write?
Many users trust an application to read their information but not necessarily to change their name or post new statuses. Updating information via the Twitter API - be it name, location or adding a new status - requires an HTTP POST. We stuck with the same restriction when implementing this. Any API method that requires an HTTP POST is considered a write method and requires read & write access.
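The two client-side rules above (treat any token as revocable, and treat every HTTP POST as a write) can be enforced in one wrapper. This is an added example, not Twitter's code: `TokenStore`, `call_api`, `fake_transport`, the sample tokens and the use of HTTP 401 as the "token invalid" signal are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class ReauthorizationRequired(Exception):
    """The stored token is unusable; send the user back through OAuth approval."""

@dataclass
class TokenStore:
    tokens: dict = field(default_factory=dict)      # user_id -> (token, access_level)
    needs_reauth: set = field(default_factory=set)  # users to re-prompt

    def invalidate(self, user_id):
        # Drop the dead credential so it is never replayed, and flag the user.
        self.tokens.pop(user_id, None)
        self.needs_reauth.add(user_id)

def call_api(store, transport, user_id, method, path):
    """Send one request for user_id, enforcing both FAQ rules."""
    if user_id not in store.tokens:
        raise ReauthorizationRequired(user_id)
    token, access = store.tokens[user_id]
    # FAQ rule: any method that requires HTTP POST is a write method.
    if method.upper() == "POST" and access != "read-write":
        raise PermissionError("read-only token; POST needs read & write access")
    status, body = transport(method, path, token)
    if status == 401:  # assumption: 401 signals a rejected or suspended token
        store.invalidate(user_id)
        raise ReauthorizationRequired(user_id)
    return status, body

def fake_transport(method, path, token):
    # Constructed stand-in for the HTTP layer so the example runs offline:
    # "tok-revoked" simulates a token the user rejected in their settings.
    return (401, "") if token == "tok-revoked" else (200, "ok")

if __name__ == "__main__":
    store = TokenStore({"alice": ("tok-good", "read"),
                        "bob": ("tok-revoked", "read-write")})
    print(call_api(store, fake_transport, "alice", "GET", "/example/read"))
    try:
        call_api(store, fake_transport, "bob", "GET", "/example/read")
    except ReauthorizationRequired:
        print("bob must re-authorize:", sorted(store.needs_reauth))
```

Catching `ReauthorizationRequired` at the UI boundary lets the application restart the approval flow for that user without retrying the dead token.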