
Should you store Twitter OAuth oauth_token and oauth_token_secret?

I'm trying to implement "Login with Twitter" functionality on my site and I've been digging up some tutorials on it.

Correct me if I'm wrong, but the oauth_token and oauth_token_secret values change whenever a user requests them. Also, I noticed that there isn't any practical use for the stored oauth_token and oauth_token_secret.

As such, is it necessary to store and update oauth_token and oauth_token_secret frequently in the database?

JulesChiam asked Sep 10 '11 17:09


1 Answer

You're correct that the OAuth tokens may change if you request them again -- but if you don't request them again, they don't expire for a very long time. Therefore, the best strategy is to request OAuth tokens once when your user registers, store them in the database, and keep using the same ones, without requesting new ones the next time they sign in.

Of course, when you make a call later, you may find that the OAuth tokens are now rejected. This can happen for a number of reasons, most likely the user has revoked access from the Twitter settings page. At that time you should request a new set and overwrite the old ones. But it is unnecessary to do so unless the old ones stop working.

Adrian Petrescu answered Oct 16 '22 08:10
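The store-once, replace-only-on-rejection strategy from the answer above, as an added example that is not part of the original question or answer. The `twitter_tokens` table, the `TokenRejected` exception, and the `api_call` and `reauthorize` callables are hypothetical stand-ins for the application's own API wrapper and OAuth flow.

```python
import sqlite3


class TokenRejected(Exception):
    """Raised by the (hypothetical) API wrapper when stored tokens are rejected."""


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS twitter_tokens ("
        "user_id INTEGER PRIMARY KEY, "
        "oauth_token TEXT NOT NULL, "
        "oauth_token_secret TEXT NOT NULL)"
    )
    return db


def save_tokens(db, user_id, token, secret):
    # INSERT OR REPLACE overwrites the old pair, so each user has exactly one.
    db.execute("INSERT OR REPLACE INTO twitter_tokens VALUES (?, ?, ?)",
               (user_id, token, secret))
    db.commit()


def load_tokens(db, user_id):
    return db.execute(
        "SELECT oauth_token, oauth_token_secret FROM twitter_tokens "
        "WHERE user_id = ?", (user_id,)).fetchone()


def call_with_stored_tokens(db, user_id, api_call, reauthorize):
    """Reuse the stored pair; request a new one only if missing or rejected.

    api_call(token, secret) performs the signed request and raises
    TokenRejected on refusal. reauthorize(user_id) runs the OAuth flow and
    returns a fresh (token, secret) pair. Both are assumptions of this example.
    """
    pair = load_tokens(db, user_id)
    if pair is None:  # first sign-in: nothing stored yet
        pair = reauthorize(user_id)
        save_tokens(db, user_id, *pair)
    try:
        return api_call(*pair)
    except TokenRejected:
        # Stored pair stopped working (e.g. access revoked): overwrite it.
        pair = reauthorize(user_id)
        save_tokens(db, user_id, *pair)
        return api_call(*pair)  # retried once; a second rejection propagates
```

In a web application `reauthorize` is usually a redirect through the provider's authorization page rather than a synchronous call, so the retry would happen on the callback request.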