Create serverside application for direct messaging, Pin problem


#1

I need to create notification application. It should be server side app and it posted direct messages and public depends of problem category. No human interaction))

I registered app under my account. Get concumer key and secret. Switched access from read only to rw+access to direct messages. Next thing I use erlang_oauth. First I start with their twitter example app. Next I make request token call. Lib make request and give me token. Next I login to my account in browser. Copy past url with request token to browser, allow access for my application and get PIN. Without with empty pin get access exception in my app.

Restart application, get new request token and input this PIN. It was not valid any more. Next time I pause after get request token. Login in browser, copy-past generated url, get pin, input pin to app and get access token pair. I should save that access pair and use it for my auth. But get several problem with all this activities.

First how long request tokens is active? For example, I send url to client by email, and they get it next day. Will those request token will be valid?
Second how long access token will be valid if user will not reject their approval?


#2

The OAuth sequence is meant to be completed within a few minutes – sending the links via email will not work. Access tokens are valid until the user manually severs the relationship.


#3

What if we create several web pages just for auth and save created access tokens? Next step use that tokens to send notifications. Question: Does twitter oauth verify that given token was for site and not for some serverside app in some case may be with other domen name?