api - Best practices - store Twitter credentials or not?

Question

I'd like to be able to give my users the ability to display their recent tweets on their profile on my website.

I have a PHP twitter wrapper and understand how to make API calls etc, but I'm just wondering how to manage the user information.

What is the best practice here? I want them to be able to enter their credentials once, but I would imagine storing everyones username/password myself isn't the best way to go about it.

• Is there a way to make an authenticated call once, and have twitter remember it?
• Should I store the usernames/passwords and then just make a call when displaying the tweets?

Any advice here would be great.

Thank you,

Answer 1

Use OAuth, no need to ask users for their passwords:

http://apiwiki.twitter.com/Authentication

I think everyone would/should probably agree that storing the twitter usernames/passwords is bad, I can't believe they ever created a situation where you needed it.