currently using the Twitter API my users are prompted with a popup to log in with twitter and authorize the app.
I was wondering if there is a way to bypass that step (even if it's just a temporary unsecured workaround). For example, assuming each user uses the same twitter creds to authorize the app, can I hardcode the twitter creds in my app and have it not pop up to authorize each time? Or is there any other way to accomplish this?
Thanks
A user must authorize your app to use their account. In all cases, and in all circumstances.
You cannot hardcode credentials into the app, because apps are not permitted to authenticate to Twtter with user credentials. There is no way around this, and it is by design.
Related
I have an app having 2 personas: regular user and super users. For regular user, I just need to know their identify provided by Google (authentication). For super user, we need to access their Google Drive to store their information. Therefore, I need super users to authorize our app to allow us accessing their drive. And I know scope can be added in the OAuth sign in process to achieve this.
Edit: I am using Firebase Authentication in my app. By default, everyone will just be a regular user. Once they login, the user can opt-in to become super user, then our app will need to access their Google drive.
Question: Can I follow the same authentication process for both regular and super users, but then only ask super user to authorize our app using their drive after authentication is done? I don't want to add the OAuth scope to both types of users because regular user has no need for us to access to their drive.
So I'm building an app which allows to link a twitter user during registration. Now a problem which has been seen is that some twitter users have their profiles set to private and no post can be shown.
This is not a good thing as an admin should directly go to a twitter profile to manually (for now) check if a twitter profile is fake or not.
Now my question: is there a part of the twitter API where you can use tokens to generate a url which will be used to show tweets only for users which authenticated with my app?
No, there is no way to do this. A protected user must choose to allow another user to follow them in order for the Tweets to be seen. This is not part of the Twitter API.
I am wondering if there is a way to login automatically so that the username and password would be hardcoded into the app and it would be used as a way for the user to upload photos without them having to have a Flickr account?
From the sound of your question, you want your app to have a Flickr account associated with it so that users won't have to have their own Flickr account. Then, you want your app to authenticate with this account, and allow users to upload to it. Storing login credentials "hard-coded" is a terrible idea - someone poking around with the app bundle may be able to find the login info - which is why we have OAuth authentication schemes. By reviewing Flickrkit's github documentation, they have an API for authenticating your app. So what you would do is first generate the authorization token for the shared account using your app, then distribute the auth Token that's generated in NSUserDefaults in your application and use that as the auth Token for general distribution.
So...
Your question is kinda broad so I'm not sure this is the answer your looking for but maybe it'll help.
If the user must login then somewhere the login information must be stored as a variable. All you need to do is save those variables containing the login info and when your app loads run your function to login with those saved variables.
We are using google oauth2 permitting users to use their existing google accounts to log in to our system.
After being authenticated what is the proper way to manage active user session in our app for ex.
Let's suppose the user has logged in to our system with google account A. Then user logs out/changes google account to account B but not within our app but rather from its gmail. Should we also log him out him from our app???
(which seems to me bizarre and impossible as soon as there should be google API to check that the given user at the given time is logged in to google services).
The only way which seems to me reasonable is to invalidate user session after given timeout and only then we could make user re-pass oauth2 authorization flow.
Thanks in advance for your help.
The access_token or id_token your acquire from the Google OAuth2 Login flow is not coupled with the login sessions in the various Google apps (gmail, plus, ....).
There's no way for your app to know that the the user logged out of his gmail. Your app shouldn't care.
If your web app makes it clear to the user what account has been used to login initially (by displaying a username/picture or other info retrieved from the Google User Info call you should be ok.
Most users will not try to link your web application session with a gmail session for example.
Say that you have an iOS app, and a user that has one or more Twitter accounts set up on their device. Is it possible to load part of Twitter's mobile site into a UIWebView within the app with the user automatically signed in as one of those accounts?
Obviously, accessing the accounts would require the user's permission, which is fine. And probably after the first time, the site would remember the user anyway. But it would be nice to not force the user to enter their credentials again.
I know that I can use Reverse Auth to get OAuth tokens for an iOS Twitter account, but I haven't found anything concrete to allow me to exchange those tokens for authentication on twitter.com.
Well, according to Twitter's Taylor Singletary, it's not possible. Boo.