Can OAuth be used to schedule Twitter status updates in the future?
I am developing a Twitter application for OAuth and I want to provide the ability to post updates in the future.
The basic plan is to run the script every hour and find any updates to be posted, then authenticate the appropriate user and use the API status / update call.
However, I don't know how I can use OAuth to do this. I obviously don't want to store their username and password - this defeats the OAuth Usage Object in the first instance.
If, however, this is the only option, then how can I not store a plain-text copy of my password, but still authenticate them?
a source to share
With OAuth, you will first need user credentials to get the oauth token. After you use the oauth token, you use the oauth token instead of these credentials. The only problem with subsequent calls under OAuth is any TTL (time to live) associated with the service side token. Twitter clearly has no expired tokens , so once you have a valid token, you can keep calling on behalf of the user. The only time you need to get credentials from a user is (1) during the initial stages of launching the application, or (2) if, for any reason, the user session becomes invalid (changed password, canceled user session, etc.).
See OAuth spec for details .
Please note that if you intend to use the same user token between calls to your application, you must be prepared to encrypt the token and store it securely. If someone captures your consumer key and secret, along with the user's token, the user can compromise their identity.
a source to share