Sharing Items from your Application on Facebook & Twitter - Storing Credentials

If you have a web application that will allow the users to opt-in to sharing their activity on Facebook and Twitter I'm wondering what is the right way to architect that social authentication into your application (and what is inline with Facebook and Twitter policies) so that you can tweet and post on your wall.

Do you store the users username and password in your database?

And then call the social APIs with these credentials. From what I have learned so far both these APIs make you do an OAuth redirect thing. Is their a way to do that without the dialog interaction since you now have stored the username and password anyways.

Not sure if this is an issue, but do you have to do two OAuth handshakes one right after the next to post to Facebook and then Twitter for those users that want to share on both.

And would you have to do this each and every tim开发者_Python百科e the user shares something?

I just launched TweetDeck and I wasn't required to get redirected through some exchange with Twitter. Confused.

Just need some help and guidance with "how most people do it" for web-based applications. The less prompting and less redirects the better.

I don't think storing the username and password would be a good way to go since I think most users would object to you keeping thiere usernames and passwords on file. I have not done any work with Twitter, but on Facebook you need to create an App and then ask the user to grant your app rights. These rights require the user to be loged in to Facebook in order to work, unless you request the offline_access permmission. From my experience, the fewer permmissions you request, the more users will be willing to grant you these permmissions. My approach is to always request the minimal permmissions I need to get the App to work. After granting your App permmissions, you need to get an OAuth token each time you want to interact with the user's Facebook account. (These tokens are good for about 60 minutes, as far as I remember) Storing these tokens will not help, since they expire. Hope this points you in the right direction.