10
votes

I have watched some videos on authenticating using OAuth and have gotten the authentication part going, but I have the following questions.

Q1 - Do access tokens expire?

Q2 - Do I have to make the user go through the whole user authentication process (with the user authenticating the app again) once the Twitter access token expires?

Q3 - Is offline access to the user's content possible once we have the access token?

OK, so just to give some more context, this is the scenario I have. Basically our mobile app is looking to integrate with Twitter, and there is a server side to it which needs to munch the user's Twitter feeds. This is how we are thinking of doing it: once the user authenticates our app using the mobile platform, we want to store this user access token on our server, poll his feeds at regular intervals and do some data munching on his feeds. For that we need:

- Offline access to the user's data
- To get a new access token without the user's intervention if the previous one expires, preferably on the server side

We don't want to have to go through user authenticating our app again.


1 Answer

15
votes

The OAuth 2 spec is written in such a way that expired access tokens are a supported use case. Search for "expire" in http://tools.ietf.org/html/rfc6749 for example.

That said, the Twitter OAuth FAQ states:

"We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended."

To clarify, Twitter's use of OAuth is much more basic than Facebook's or Google's. For details and further help, Google is your friend. ;-)
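An added example, not part of the answer above: a server-side polling step for the scenario in the question, where stored tokens do not expire on a timer but can still become invalid when a user revokes the app or the app is suspended. `StoredToken`, `poll_once` and `fake_fetch` are hypothetical names, the sample data is constructed, and it is an assumption that the API answers an invalid token with HTTP 401.

```python
from dataclasses import dataclass

@dataclass
class StoredToken:
    user_id: str
    access_token: str
    active: bool = True  # False once the user has to re-authorize

def poll_once(tokens, fetch_feed):
    """Poll every active token once.

    fetch_feed(access_token) -> (http_status, body) is a hypothetical
    stand-in for the real API call. Assumption: an invalid token is
    answered with HTTP 401.
    Returns (feeds, users_needing_reauth, app_suspected_suspended).
    """
    feeds, rejected = {}, []
    active = [t for t in tokens if t.active]
    for tok in active:
        status, body = fetch_feed(tok.access_token)
        if status == 200:
            feeds[tok.user_id] = body
        elif status == 401:
            rejected.append(tok)
        # Anything else (rate limit, 5xx) is transient: retry next cycle.

    # Heuristic: every token rejected in the same cycle points at the
    # application (e.g. suspension), not at individual users revoking.
    if len(active) > 1 and len(rejected) == len(active):
        return feeds, [], True

    for tok in rejected:
        tok.active = False
        tok.access_token = ""  # do not keep a dead credential around
    return feeds, [t.user_id for t in rejected], False

# Constructed sample data: bob has revoked the app, carol hits a 503.
SAMPLE = {"tok-alice": (200, ["hello"]), "tok-bob": (401, None),
          "tok-carol": (503, None)}

def fake_fetch(access_token):
    return SAMPLE.get(access_token, (401, None))

if __name__ == "__main__":
    store = [StoredToken("alice", "tok-alice"), StoredToken("bob", "tok-bob"),
             StoredToken("carol", "tok-carol")]
    print(poll_once(store, fake_fetch))
```

Users returned in the second element have to go through the authorization flow again; there is no server-side way to obtain a new token for them.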