My application uses the /authenticate method to make users “Sign in with Twitter”.
Now, each time a user signs in I update the stored tokens I have and I wonder if that’s a good practice.
I store those tokens in case I need to post something on user’s behalf or get any updated information.
Even though I know Twitter doesn’t expire its access tokens (at least the ones via /authorize), I thought it would be better to always - and only - keep the latest tokens.
So, what do you guys think?
Thank you in advance,
Leonardo D. Schlossmacher.