I use the Twitter Anywhere API and OAuth to authenticate users on my website. The cookie with the accessToken expires after two hours, which is why the user needs to login and connect to Twitter regularly. The workaround would probably be to store the auth_token in a cookie and provide it the next time the user loads the page after the cookie set by twitter expired.
Now something that is not clear to me: I’m also providing Facebook as an authentification method and somehow it doesn’t forget the login. The Facebook JS API doesn’t store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
I use the Twitter Anywhere API and OAuth to authenticate users on my website.
Share
It makes a cross-domain request to facebook.com, to see if there are cookies under that domain that indicate there is a user currently logged into Facebook in some other browser window/tab.
Once it has figured out that a) there is a logged in user and b) this user has used your app before – it logs him in to your app on the fly and gives you a fresh (short-lived) user access token to work with.