Allow private/protected Twitter profiles to be seen via Application tokens - twitter

So I'm building an app which allows to link a twitter user during registration. Now a problem which has been seen is that some twitter users have their profiles set to private and no post can be shown.
This is not a good thing as an admin should directly go to a twitter profile to manually (for now) check if a twitter profile is fake or not.
Now my question: is there a part of the twitter API where you can use tokens to generate a url which will be used to show tweets only for users which authenticated with my app?

No, there is no way to do this. A protected user must choose to allow another user to follow them in order for the Tweets to be seen. This is not part of the Twitter API.

Related

Firebase auth: switching providers

I'm currently building an application that uses sign in with Twitter. However, some users report losing their Twitter account (or also possibly getting banned from Twitter, etc), and am wondering if it's possible to switch those accounts to Google signin or email signin. Have not found docs on this, especially if the linked identifier is a Twitter handle instead of an email. Any help will be appreciated!
check here --> https://firebase.google.com/docs/auth/web/account-linking
But I think that the user must be logged in to do so, as you comment if they do not have how to enter with Twitter what you could do is a validation of additional data you have of the user (indicate their name, twitter user, something that you know about him) in a section that you build within the platform where new users can request to claim an account.

Is there a way to avoid the "https://www.googleapis.com/auth/plus.login" scope?

I'm building an app with Google Sign Up button. Google suggested for me to use Google+ instead, which I did.
I'm asking for users profiles and email address in two different scopes (https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile). However, I noticed that the scope https://www.googleapis.com/auth/plus.login is added automatically in the token request response.
Is there a way to remove it? I'd like only to ask users for the two I've mentioned in order not to have additional permission requests in the dialog box, and this one also causes a confirmation popup for access to users' circles (which I don't need). I've Googled about it a lot, but couldn't find anything related to this problem.
Previously you could not remove the plus.login scope from the Google+ Sign-In button, as profile information for users who had not upgraded to Google+ was not available from the Google+ APIs. Now you can choose whether you want to require a Google+ upgraded user and get access to the users' circles and the ability to write app activites, or just request basic profile information.
For full Google+ Sign-In include email and https://www.googleapis.com/auth/plus.login scopes.
For basic profile information include email and profile scopes. Note that these are just the bare strings profile and email - they are not in URL form.
The user's email address and profile information will be available from the Google+ profile endpoint. You can always allow users to upgrade to https://www.googleapis.com/auth/plus.login later using incremental auth so they can take advantage of access to circles users and writing app activities.
To use the Google+ Sign-In button you must request https://www.googleapis.com/auth/plus.login
plus.login includes a basic set of permissions that a generally useful including a request to read a users circles. Users can easily choose not to grant access to their circles for your app by simply selecting the 'Only you' option that is presented prominently on the consent dialog. However, it is not possible to reduce that set of permissions included in plus.login.

iOS Twitter website single sign on

Say that you have an iOS app, and a user that has one or more Twitter accounts set up on their device. Is it possible to load part of Twitter's mobile site into a UIWebView within the app with the user automatically signed in as one of those accounts?
Obviously, accessing the accounts would require the user's permission, which is fine. And probably after the first time, the site would remember the user anyway. But it would be nice to not force the user to enter their credentials again.
I know that I can use Reverse Auth to get OAuth tokens for an iOS Twitter account, but I haven't found anything concrete to allow me to exchange those tokens for authentication on twitter.com.
Well, according to Twitter's Taylor Singletary, it's not possible. Boo.

linking user accounts to their twitter/facebook/etc accounts

I have an existing rails app which uses 'devise' for authentication.
I would like user's to be able to link their twitter and facebook accounts to their account on my site, so that my application can post updates on their behalf.
Ideally:
When registering, you can choose to set up a standard account, or use twitter, Facebook, etc credentials.
If user chooses to use facebook credentials, I would still like them to be able to link their twitter account, so that my application can post to both at same time on their behalf.
A bonus would be allowing them to have identities which they could link twitter account A to one identity, then switch identities and use another twitter acccount.
My questions are:
if they use a standard account, and link facebook and twitter, are they going to be prompted to enter those credentials every time I post on their behalf? Or does omniauth give me an infinitely valid token?
I know devise can handle omniauth, but I can't seem to tell if it can handle what I am asking. It seems that it's omniauth support is more along the lines of just authenticating site users against twitter credentials not for linking multiples.
is there a rails gem that does this, and is well supported? I see socialite is no longer supported, but it seemed to be a one or the other type deal, not what I want anyway.
because I am already doing standard auth with devise, would it be simpler to just force users to create a standard account, and then use the twitter and facebook api's directly on top of that?
Looking for the best strategy here for doing what I want.
*note: If you think I can get 75% of what I want for 25% of the effort that all my goals would be, let me know. *
Thanks,
~S

How to authenticate that user owns twitter account?

I'm developing a social network. Users may register and share their twitter username (if they want). Wherever the user posts a comment or other content, his username is displayed. I would like to display the follow #userTwitter button, if the user has set the twitter account.
Now, everything works, the problem is to validate that the user is the owner of that twitter account. Right now the user could be entering any valid twitter account! Maybe using the Twitter api?
You can set your app up as a Twitter client, this way your user has to log into twitter to authorize your app, thereby verifying their twitter identity.
This is a couple years old but might be enough to get you started:
http://www.1stwebdesigner.com/tutorials/twitter-app-oauth-php/

Resources