It’s up to your application to persist the access token and secret and represent that as the user’s identity in context to Twitter. The access tokens last forever (or until they get revoked by the user). If you don’t want them to have to approve again, don’t send them through the OAuth process again and just keep using their token.
If you don’t have a means to persist their tokens and/or you’re using a session which could disappear (not recommended), you may like the features available in oauth/authenticate as opposed to oauth/authorize on the 2nd step of the OAuth flow. If oauth/authenticate is used and the end-user already has approved a token for your application, it will redirect to the specified URL in oauth/request_token without prompting the user.
