I'm wondering if Twitter has an API endpoint that exchanges an expired access token with an active one. The way that I have the login flow working right now goes something like this.

```php
// Request a token and redirect to the authorization page
$token = $this->twitter->getRequestToken();

// Set the session data
$this->session->set_userdata('oauth_token', $token['oauth_token']);
$this->session->set_userdata('oauth_token_secret', $token['oauth_token_secret']);

// Redirect the user to the authorization page
header('Location: https://api.twitter.com/oauth/authorize?oauth_token='.$token['oauth_token']);
exit; // stop here so nothing else runs after the redirect header is sent
```

The page that the user is redirected to will prompt the user to authorize my app each and every time they want a valid access token. Upon accepting the authorization, the user will be redirected to the callback URL. At my callback URL, the following happens:

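```php
// Get the parameters from the URL
$token = $this->input->get('oauth_token');
$verifier = $this->input->get('oauth_verifier');

$oauthToken = $this->session->oauth_token;
$oauthSecret = $this->session->oauth_token_secret;

// Reject the callback unless it carries the request token stored in the session
if ($token !== $oauthToken) {
    show_error('Request token mismatch', 400);
}

// Get the access token
$access = $this->twitter->getAccessToken($verifier, $oauthToken, $oauthSecret);
```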

Does such a way exist for an access token to be generated without having to authorize my app each and every time?

1 Answer

According to Twitter's OAuth FAQ, tokens don't expire unless a user explicitly rejects your application or an admin suspends your application.

If you want your users to be able to log in repeatedly without having to reauthorize, you'll need to come up with a mechanism for storing the tokens (cookies, database, etc.).
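One way to implement the database option from the answer above, as an added example that is not part of the original question or answer: the access token and its secret are saved once after `getAccessToken()` succeeds, with the secret encrypted at rest, and loaded on later visits instead of redirecting to the authorization page. The `TokenStore` class, the `twitter_tokens` table, the user id and the token values are hypothetical; it assumes PHP 8 with the sodium and pdo_sqlite extensions.

```php
<?php
// Added example: TokenStore, the table layout and the sample values are constructed.
// In production the key comes from a secret store, not from a per-request keygen.
final class TokenStore
{
    public function __construct(private PDO $db, private string $key)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS twitter_tokens (
            user_id TEXT PRIMARY KEY, oauth_token TEXT NOT NULL, secret_box TEXT NOT NULL)');
    }

    // Call once, right after getAccessToken() succeeds in the callback.
    public function save(string $userId, string $oauthToken, string $oauthSecret): void
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = base64_encode($nonce . sodium_crypto_secretbox($oauthSecret, $nonce, $this->key));
        $this->db->prepare('REPLACE INTO twitter_tokens VALUES (?, ?, ?)')
                 ->execute([$userId, $oauthToken, $box]);
    }

    // Returns [token, secret], or null when the user has to go through authorization.
    public function load(string $userId): ?array
    {
        $stmt = $this->db->prepare('SELECT oauth_token, secret_box FROM twitter_tokens WHERE user_id = ?');
        $stmt->execute([$userId]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) { return null; }
        $raw = base64_decode($row['secret_box'], true);
        if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) { return null; }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $secret = sodium_crypto_secretbox_open(substr($raw, strlen($nonce)), $nonce, $this->key);
        return $secret === false ? null : [$row['oauth_token'], $secret];
    }

    // Call when Twitter rejects the stored token (the user revoked the app).
    public function forget(string $userId): void
    {
        $this->db->prepare('DELETE FROM twitter_tokens WHERE user_id = ?')->execute([$userId]);
    }
}

// Constructed demo: in-memory SQLite and made-up token values.
$store = new TokenStore(new PDO('sqlite::memory:'), sodium_crypto_secretbox_keygen());
$store->save('user-42', 'constructed-token', 'constructed-secret');
var_dump($store->load('user-42') === ['constructed-token', 'constructed-secret']); // known user
var_dump($store->load('user-99') === null);                                        // unknown user
$store->forget('user-42');
var_dump($store->load('user-42') === null);                                        // after revocation
```

In the login controller, a non-null `load()` result replaces the `getRequestToken()` redirect; a null result falls back to the flow in the question.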