While working on Twitter app, do we need to store user specific Access Token/Secret to our local database

I am working on a Twitter app. By going through the oAuth documentation and available scripts I am able to redirect the user to my callback uri and am receiving the user access object.

$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
/* Get temporary credentials. */
$request_token = $connection->getRequestToken(OAUTH_CALLBACK);

What I understood is this is开发者_C百科 a permanent access object generated by twitter authorizing my app with this user. Do I need to save it in DB for further use. Is there any legal implications if I store user data.

My understanding is that we have to store the object in our DB and then use it when the user logs next time.

Can anyone confirm if this is the right approach. -Anand

You can store the access_token in a DB - that's not user data. That's your personal access key to their account. If you were instead storing their username/password to their account, that may be a problem.