Manuel Lemos - 2012-11-07 21:46:30 - In reply to message 3 from Shane Whittaker
By default the class uses session variables to store previously retrieved tokens. This can be changed by overriding a couple of functions in a sub-class if you need it.
So, as long as the user session is valid and the token did not expire, the class will no longer redirect the user to make him authorize again.
Also, some sites like for instance Facebook and others, do not show the dialog asking the user for authorization again if he previously authorized your application. So if the class redirects the user to the authorization page, the OAuth server will redirect the user back to you with a token with the granted authorization.
Manuel Lemos - 2012-11-12 01:52:28 - In reply to message 5 from Shane Whittaker
In that case you need to notify the user to provide permission by coming to the page where you make him go through the OAuth authorization process again.
This is what happens in the PHPClasses site when an user that authorizes the site application revokes the authorization later on the OAuth server site.
In any case, I can add a function to invalidate access tokens just in case the user has not exited the browser after he revoked the authorization.