So I've done some research to add a register and login feature to my new app. I want to add the following things: Facebook, Twitter and my own register/login options for the users.
I've dived into some SSO from Facebook, looked into some php scripts on how they do it. So basically correct me if İ'm wrong.
User clicks on Facebook button
App checks if user is already in the database with the oath_provide en oauth_uid
If not: User is getting asked by Facebook API for accepting
App submits the oauth_provide (Facebook) and oauth_uid (user id) from the media that they've chosen to my SQL database.
User accepts and logs in to my app.
User is logged in
Same is probably for Twitter. Thanks in advance!
Related
I've implemented Twitter Login in my iOS app with the following tutorial:
https://dev.twitter.com/twitter-kit/ios/twitter-login
But after I chose a Twitter account when I log in the first time, the app always defaults to this account. I would like to enable users with multiple accounts to select the Twitter account they'd like to log into each time.
How can I re-enable the UIActionSheet that allows the user to select which Twitter account they want to use for login?
There is a method Twitter.sharedInstance.logOut to delete the local Twitter user session. And you also should clear Twitter-related cookies in NSHTTPCookieStorage to prevent using of old credentials in further UIWebView-based login sequence.
The new Twitter Kit 3.0 now supports this flow by default. Every time that login is called, the user will be able to add or change their Twitter account.
I am adding Twitter and Facebook login to a MVC 3 test application using TweetSharp and Facebook C# SDK.
Currently when a user signs in using Twitter I create a user account for that user in a user table and store the id, token, and token secret in a separate table with a foreign key to the user table. Since the id, token and token secret do not expire I can quickly locate the right user account when the user logs in next time using Twitter.
What if the very same user logs in using Facebook next time? Since Twitter does not provide email in their API and I therefore have no common piece of information to tie a user account to either Twitter or Facebook I assume I have to create a new user account for a Facebook login? Does anyone have any experience with this? Are there any ways to solve this?
I identify each user internally with a unique key. I check cookies for the user key when any user hits the site. If there's no cookie I create a new key. add it to the user database and set a new cookie. Once a user completes registration the first time by logging in with any of Facebook, Twitter or .Net membership , that key is forever married to that user.
So when an existing Twitter user logs in for the first time with Facebook, we know who they are because their user key exists. It is basically the same solution as macou suggested. Macou's has the plus of working on a new machine or if cookies are cleared, the cookie solution has the plus of not requiring additional user input.
Not really a solution, more of a work around. I was faced with the same problem and ended up forcing the user to complete thier account profile by asking for their email address before allowing them to proceed any further. This meant that if the email address coming back with the Facebook auth matched the email address created with the twitter signin then I didn't need to create another account.
The bigger difficulty was coming the other way, if the account was created by the facebook auth first. It meant an untidy marry up of accounts.
To be honest the information we got from allowing users to sign in with twitter was not worth the effort and in the end finished up only allowing Facebook auths. I'm not sure how important twitter is to your solution.
Not the perfect answer I know, but I thought I would share my experience.
You can't use just a cookie because I can login as facebook then my wife login as twitter using the same browser, you shouldn't link the two accounts in this case.
I think you need to do more than that:
Use a cookie then
Use name/first name/login name/... to see if they match.
Example:
Cookie id: 18459439731114330636, find user with id = 18459439731114330636. Found, go to 2, not found, go to 3.
Is username/first name/last name/... matches the current user? if yes, link accounts. if not, go to 3.
Create a new user.
I am using twitter #anywhere JS API in my application and don't know how to use their methods and properly execute them. At present, I am following this docs for the API.
I am working on a scenario where, I need to check from my app, if any twitter user is logged in on the same browser, get the current twitter user details and cross check with my app for the twitter user. If the user exists in my app, automatically login the user. (more importantly it should not ask the user to connect to the twitter app. Without asking the credentials I need to get the currentUser)
NOTE: Facebook already supports this type of method. We can get the facebook loggedin user session from getSession() method.
Is there anyone there to help me out on this one?
I have successfully let users to connect to my web application with twitter oauth. And I can insert user information after they logged in.
My problem with is that existing users are always redirected to the Allow/Deny application screen on twitter each time they click on sign in with twitter.
How can I skip this step for my existing users so they don't have to click on allow every time they sign in?
I am using this library: http://www.haughin.com/code/twitter/
thanks.
This is done with the Sign in with Twitter flow. Instead of sending users to https://api.twitter.com/oauth/authorize?oauth_token=xyz send them to https://api.twitter.com/oauth/authenticate?oauth_token=xyz. In this case if the user has previously authorized your app and are already authenticated with twitter.com they will automatically be redirected back to your app without being prompted to allow/deny access.
When a user authorizes your application to use their Twitter account, Twitter gives you two tokens: OAuthToken and OAuthTokenSecret.
Stores these tokens in a cookie, or a settings file, or whatever.
Then, the next time you need to make a request to Twitter on behalf of this user, you use those tokens.
I have a facebook fbml app and a web application. I want my web application users to be able to add my facebook app. Seems simple, right?
Currently, I am making the connection by adding a param to the canvas page link in my site. For example, I have a link that says "add our fbook application" which links to http://apps.facebook.com/our_fbook_application?suid=786432878923
suid is the logged in user's uid on my site. Adding this to the canvas link params allows me to connect their site uid to their fbook uid on my site. This way when requests come in from facebook, I can authenticate them based on solely the fbook uid after the connection is made.
This seems like a security issue. I think an attacker could log into their facebook account and guess user id's by calling http://apps.facebook.com/our_fbook_application?suid=x and when x corresponded to a suid on my site, he would be authenticated to see that user's data.
This connecting of a facebook app user to a website user seems like it should be really common practice, but all I can find these days is facebook connect examples which I am not supporting yet.
Can someone walk me through the steps to connect a facebook app user to my website user? Major bonus points if someone can do it in Rails with the facebooker gem.
Thanks!
don't pass the suid as a variable.
Instead, on your backend, associate the FB uid with the suid.
When the user accesses the app via website, he/she will have to log in (maybe through fb connect?).
When the user accesses the app via FB, your page should be able to determine the fbuid of the user and map that to the correct suid and log the user into your site.