I am using TWTRLogInButton to enable users to log into my iOS app using their Twitter credentials. This means that once the user authorizes my app via Twitter, they can log in without re-entering their Twitter login credentials.
Once a user has logged in using Twitter, I'd like to set up a settings panel in the app that requires users to re-authenticate using Twitter. In other words, I want them to enter their Twitter username and password in order to access the settings. (This is because my app is sometimes used in a public settings, and some users would like to disable sharing directly to Twitter from the app. The settings panel would authenticate the user first to determine whether to disable sharing to Twitter throughout the rest of the app).
What is the best way to re-authenticate Twitter users in objective-c? Should I be using the REST API?
Related
I've created an iOS app that allows a user to log in with Instagram. I use a web view to display Instagram's authorization page as detailed here. This works great for Instagram users who signed up with a user name and password. However, Instagram also offers the option for new users to create an account using their Facebook account, and users who have gone this route are unable to log into my application because the Instagram login page doesn't give an option to authenticate with Facebook. How do I allow these users to log into my app?
I'm making an app that is running on iOS 6.1.3 and Facebook SDK 3.5. When the app launches, the user is asked to authenticate with Facebook. I ask for read permissions here and have an access token after a successful connection.
However, one of my features involves showing a UIWebView popup inside of my app that is on the Facebook mobile website. Ideally, I'd like to be able to have the user load this UIWebView and be logged into Facebook automatically on the mobile web version without having to reenter their credentials. Is this possible? If so, how could I go about doing this?
I guess a simpler way of describing what I'm trying to do is:
1) User logs into MyApp and grants me permissions with an access token.
2) User opens Safari. Right now, going to m.facebook.com will prompt user to login once more.
Q) How can I get it to where the user is automatically logged in on m.facebook.com using the access token that I have?
Thanks!
So I've searched for this topic a lot and may be over complicating things but would love some clarity on it. So here's the issue.
I have a web app that uses Facebook Graph (FB Login, friends invite, sharing through FB, etc). We've just built an iOS app for the website and now want to implement all the above FB actions on the iOS app as well. I looked up the Facebook documentation and have tried using that to getting just the Facebook login to work for a user that's already registered on our website (and has their Facebook account connected as well) but it doesn't seem to work.
Use case - A user registers on the web app and connects their FB account with us. They then download the iOS app and want to use FB login to login to the iOS app or share objects on their timeline. A vice versa case should also apply.
Question - What should be the workflow between the ios App, web Server and Facebook for the use case above? Basically, how is the token and the secret passed so all three know we're talking about the same user and same FB account?
Any links or advice would be highly appreciated! Thanks!
In the case when a facebook authed webapp user first starts the native app, you won't know who they are. So they need to be prompted with a "login with facebook" button. When they hit that button, the facebook-ios-sdk will figure out who the logged in user is and then check if that user has already granted your application access. If the web app and the native app both point to the same facebook app, then the facebook-ios-sdk will simply store the authed access token, and you'll have access to everything your web app does on the native app.
The key here is that your web app and native app must point to the same facebook app (ie. same app id in developers.facebook.com). If it didn't, then the native app user would be re-prompted to grant permissions when they click the "login with facebook" button. Additionally, it's important that the user is logged into the same facebook account on the web app (which is based on cookies in the browser) and on the phone itself. The facebook-ios-sdk uses a couple of different ways to look for the active facebook account on the phone. It tries the iOS 5+ system facebook account, inter-app calls to facebook's own native app, the browser cookie for the web view instance running in your app, or bounce you out to safari and use the browser cookie in safari. Which ever one comes back first saying they have an active facebook account needs to have found the same facebook account as the one on the web app. In most cases, they will match up because most users only have a single facebook account and are logged in everywhere with the same account, but they certainly can be different. In the off chance that the web app facebook user is not the same as the native app active facebook user as detected by facebook-ios-sdk, then the "login with facebook" button will simply prompt the native app active facebook user to log in and grant permissions.
Once the access token has been granted to the native app, you can send it back to the server, find the associated facebook user id, and now the web app user and the native app user can be linked to be the same person operating both apps. Additionally, any graph api calls you want to make on the server can be made on behalf of the user using the up-to-date access token you just got from the native app. Any sharing/posting/api calls made directly in the native app through the facebook-ios-sdk will be done as this user and will be handled by the sdk (ie. you won't need to worry about it... it should just work seamlessly and integrate all posts to their timeline just like the web app's graph apis can).
In the case where you have a facebook authed native app user going to the web app, you also won't know (on the first request) who this user is. You can present them with a facebook js sdk login and, again, once the same facebook user logs in, you can associate this current web app user as the one who was on the native app earlier.
Specifically addressing your question, you really have no way of knowing who a migrating user is on either the web app or the native app when they first come to the app. That's where the "login with facebook" comes in. Assuming the user is logged into the same account on the browser as well as on their phone (as determined by the facebook-ios-sdk), then the process of logging into your app is seamless. They won't be prompted to grant permissions a second time (unless your permissions set is different between the web app and the native app) and you'll be given the user's access token immediately. The role of the server is to reconcile the two users by using the granted access token. With the access token, the server can make a simple call to the graph api and get the user's facebook user id. Using that facebook user id, you'll be able to match up the "true" identities of the users on your apps (ie. you now know that the web app user and the native app user are one and the same). Once you know who the user is, you'll be able to provide a personalized experience to that user, based on his identity, regardless of whether he's using your web app or your native app.
Hope this helps. Happy to answer more questions that you may have.
I log into my Twitter account. Then I visit this twitter app website. I click sign-in with Twitter link, I am redirected to Twitter authorization page, I give auth. Then I see member page of app website. Then I check authed Applications from my Twitter account: https://twitter.com/settings/applications
I see that I authed that application. Then I remove all cookies of app website. But I don't logout from Twitter website. I revisit app website and click Sign-in with twitter.
Without Auth confirmation I am redirected to members page. How can it be?
I understand that they save my auth tokens inside their database and use to verify credentials. But without cookie etc. how can they know that I'm that Twitter user?
Is it possible to know that user logged in to Twitter?
This problem can be solved when "authenticating" is used rather then "authorization".
Authorization needs permission everytime user sign-ins, authentication needs permisson if user didn't give permission previously or he/she revoked the permission.
That is called as transparent login.
Note: Authentication doesn't include DM access.
https://dev.twitter.com/docs/auth/implementing-sign-twitter
I'm developing a social network. Users may register and share their twitter username (if they want). Wherever the user posts a comment or other content, his username is displayed. I would like to display the follow #userTwitter button, if the user has set the twitter account.
Now, everything works, the problem is to validate that the user is the owner of that twitter account. Right now the user could be entering any valid twitter account! Maybe using the Twitter api?
You can set your app up as a Twitter client, this way your user has to log into twitter to authorize your app, thereby verifying their twitter identity.
This is a couple years old but might be enough to get you started:
http://www.1stwebdesigner.com/tutorials/twitter-app-oauth-php/