I've been working closely with social integrations and the oauth framework for authorization. I know that, like Facebook, Twitter implements an oauth hook for its applications. My question is, is there a way to keep an access token active forever? Much like Facebook has its offline access permission, I would like to be able to only request that the user validate my app once (this is simply for an ease-of-use purpose).
When you implement OAuth for Twitter, you receive two tokens called OAuthToken and OAuthTokenSecret. You store these values in a settings file or a cookie or a database (or whatever) and then you use those tokens when submitting API requests in the future. This removes the need for the user to authorize the application every time.
Now, if the user revokes your application's permissions, then the tokens will no longer work.
来源:https://stackoverflow.com/questions/6331184/twitter-offline-access-for-developers