We’re starting to look at integrating more Twitter functionality into our app, which will require users to be logged in, rather than just relying on guest authentication, and I’m trying to understand what tokens TwitterKit is actually using, and how to detect when things change.
I have an iOS simulator with a system Twitter account. Fabric is configured with the keys for our Twitter app, which is currently read-only. I did what I thought was a simple test:
- Launch the app, which then loads a timeline in a
TWTRTimelineViewController. This works, and presumably acquires a guest token behind the scenes, but the
TWTRSessionStoredoesn’t show any sign of an existing session once it’s done.
- Show a
TWTRComposer, which appears to acquire a token for my Twitter account from the system. This isn’t tied to our Twitter app, so posting the tweet works, event though our app is read-only.
- But it also seems to acquire a token from our app, which shows up in my account settings on twitter.com. (And this happens when I display the composer, even if I don’t actually attempt to post the tweet.)
- If I then revoke the token for our app, the timeline no longer loads.
- The framework logs the error to the console (a 401, with a clear “expired or invalid” message), but does not appear to make any effort to acquire a new token.
- If I pass the session and the error to
-[TWTRSessionStore isExpiredSession:error:], it returns
NO, which is clearly wrong.
- If I use the composer to post another tweet, that works just fine, since it’s not using our Twitter app at all. There is no apparent attempt to (re)acquire access to our Twitter app.
What should our app be doing to detect this situation and recover from it?