Best practices - store Twitter credentials or not?

Question

Best practices - store Twitter credentials or not?

I want my users to be able to show their latest tweets on their profile on my website.

I have a twitter shell for PHP and understand how to make API calls, etc., but I'm just wondering how to manage user information.

What is the best practice here? . I want them to be able to enter their credentials once, but I would suggest that storing the entire username / password alone is not the best way to do this.

Is there a way to make an authenticated call once and twitter will remember it?
Should I store usernames / passwords and then just make a call when displaying tweets?

Any advice here would be great.

Thanks,

+3

api credentials twitter

barfoon May 18, '09 at 19:43

source share

4 answers

You should never store unencrypted credentials of any type. If your solution involves using a plain text password, even for a short time you need to redo something.

, - cookie OAuth . cookie , .

( ) , Twitter , .

+3

Tim 18 '09 19:49

, , , http://twitter.com/statuses/user_timeline/ username.rss

Twitter OAUTH ( ). , ,

+3

blowdart 18 '09 19:49

, -, , .

If you needed to authenticate somewhere (possibly allowing users to send new tweets) on behalf of the user, it is best practice to invite the user at the time of the initial authentication, and then save any authentication token returned by the resource than the credentials used to obtain it.

0

Joel Coehoorn May 18, '09 at 19:48

source share

Neil trodden · Accepted Answer · 2009-05-18T19:47:19+0000

Use OAuth, no need to ask users for their passwords:

http://apiwiki.twitter.com/Authentication

I think everyone could / should probably agree that storing twitter username / passwords is bad, I can't believe that they ever created the situation you needed.

Best practices - store Twitter credentials or not?

More articles: