Should I update stored tokens every time a user uses "Sign in with Twitter"?


Good afternoon.

My application uses the /authenticate method to make users “Sign in with Twitter”.
Now, each time a user signs in I update the stored tokens I have and I wonder if that’s a good practice.

I store those tokens in case I need to post something on a user’s behalf or get any updated information.
Even though I know Twitter doesn’t expire its access tokens (at least the ones via /authorize), I thought it would be better to always - and only - keep the latest tokens.

So, what do you guys think?

Thank you in advance,
Leonardo D. Schlossmacher.


This is a good practice. You shouldn’t assume the token will always be the same and so you may as well store a new token for the user each time they pass through authorize or authenticate. Whatever is the most recent trumps anything from the past – and the user could have revoked your app at any time of their own volition. Just be sure and use the user’s ID rather than their screen name as your primary index for the access token.
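
A sketch of the storage pattern described in the answer above, added here as an example and not code from either poster: each sign-in overwrites the stored tokens, keyed by the numeric user ID rather than the screen name. The table layout, function names and sample values are assumptions; the field names are those of the OAuth 1.0a access-token response.

```python
import sqlite3
from urllib.parse import parse_qs

REQUIRED = ("user_id", "screen_name", "oauth_token", "oauth_token_secret")

def open_store(path=":memory:"):
    """Create the (hypothetical) token table; user_id is the primary key."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS twitter_tokens (
        user_id      TEXT PRIMARY KEY,  -- stable ID, never the screen name
        screen_name  TEXT NOT NULL,     -- display only; users can change it
        oauth_token  TEXT NOT NULL,
        oauth_secret TEXT NOT NULL,
        updated_at   TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)""")
    return db

def save_sign_in(db, access_token_body):
    """Upsert the tokens from a form-encoded access-token response body."""
    parsed = parse_qs(access_token_body, strict_parsing=True)
    missing = [k for k in REQUIRED if k not in parsed]
    if missing:
        raise ValueError(f"access token response missing {missing}")
    row = {k: parsed[k][0] for k in REQUIRED}
    with db:  # commit on success, roll back on error
        db.execute("""INSERT INTO twitter_tokens
                (user_id, screen_name, oauth_token, oauth_secret)
            VALUES (:user_id, :screen_name, :oauth_token, :oauth_token_secret)
            ON CONFLICT(user_id) DO UPDATE SET
                screen_name  = excluded.screen_name,
                oauth_token  = excluded.oauth_token,
                oauth_secret = excluded.oauth_secret,
                updated_at   = CURRENT_TIMESTAMP""", row)
    return row["user_id"]

def tokens_for(db, user_id):
    """Return (screen_name, oauth_token, oauth_secret) or None."""
    return db.execute(
        "SELECT screen_name, oauth_token, oauth_secret "
        "FROM twitter_tokens WHERE user_id = ?", (user_id,)).fetchone()

if __name__ == "__main__":
    db = open_store()
    # Constructed sample responses, not real tokens.
    save_sign_in(db, "oauth_token=tok-1&oauth_token_secret=sec-1"
                     "&user_id=1001&screen_name=alice")
    # Same user signs in again after renaming: one row, latest tokens win.
    save_sign_in(db, "oauth_token=tok-2&oauth_token_secret=sec-2"
                     "&user_id=1001&screen_name=alice_new")
    # A different user who now holds the old screen name gets a separate row.
    save_sign_in(db, "oauth_token=tok-3&oauth_token_secret=sec-3"
                     "&user_id=2002&screen_name=alice")
    print(tokens_for(db, "1001"), tokens_for(db, "2002"))
```

Had the table been keyed on screen name, the third sign-in would have overwritten the first user's tokens.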


Thank you, @episod.
It’s always awesome to get in touch with you from Twitter. :smiley: