I am having the strangest problem using Twitter API. I am using a Github package dg/twitter.php.
The problem: I am making an app that sends a status update to twitter and I store the status in my database, simple. But what is happening is it stopped asking me to login and always uses my twitter account, even from different computers and clearing all cache. The strange thing is that it seems like it has cached my account and there is no way to clear it. If i completely log out of twitter and go to the app, it no longer asks me to sign in, it just uses my account, so anyone who goes to the app submits tweets as ME.
I thought it had to do with my App settings so I reset everything, renewed tokens, but still the same problem. I uploaded files to another server using the same app tokens, and yet again the same problem. My twitter app only uses MY account and will not let me login because it acts like I am already logged in when I am not.
Does this make sense?
Since this app is a Facebook app, i realized I had a problem with the oauth creating a new token because FB uses an iframe which was conflicting with the authorize abilities twitter currently has.
Related
I'm using omniauth-twitter for twitter log in to the website and it works perfectly well (go to /auth/twitter, user authenticates, and then redirect_to /auth/twitter/callback). Great.
However, on the iOS side, how can I implement sign in with twitter? Do I do it client side or server side? Could anybody go through the steps? (note: the only way to sign in to the app is through twitter)
We've tried:
using a UIWebView that goes to /auth/twitter, but on redirect, it goes back to the web version. Is there a way to get JSON data from the UIWebView?
doing sign in with twitter client side, and using a made up password to authenticate in sessions#create that matches a made up password on the db.
Is there another alternative for authentication? I know what we're doing has a lot of flaws but we couldn't find any other solutions even after asking in meetups and researching online for days. please help!
You could add an OAuth 2
implementation on your server. Your server authorizes the iOS app for an authenticated user / content owner. (You have completed the authentication part.) Once authorized, the iOS app accesses that particular user's content (via an api on your server) as if it is logged in as that user.
You will find one potential OAuth 2 provider implementation for RoR as
applicake/doorkeeper
You will find a sample iOS client application as
telegraphy-interactive/OAuthClientSetup
That is one suggestion, in any case. Not the whole answer, which would require a book chapter.
I'm new to Facebook development and I'm running into trouble with what seems like it should be an easy task. I am building an iOS app for a client, and that client wants to display a number of their most recent status updates in the app, along with a link to their Facebook page. These statuses should be displayed to the user of the app even if they are not logged into Facebook or do not have a Facebook account saved on their device.
My research so far seems to indicate that I'll need to make a request to the Graph API using a user access token (which I can do successfully in the app using a token copied and pasted from the Graph API Explorer), but it seems that the only way to get a user access token from within the app is to log the user of the app into Facebook using their account credentials. This is not a good solution because I need to be able to display the client's statuses to the user whether they have are logged into a Facebook account or not. Is such a thing possible, and if so, how? I've been all over the docs and can't find a conclusive answer either way.
I know that we would approach it quite differently. We would have our own web service periodically pull what we needed off of google and store it on our own server, then we would use AFHTTPClient to pull this information down to our app. That way we wouldn't have to spoof anything with FaceBook or put any requirments on our users, such as logging into facebook. It would require that you have a service that your client maintains (or you could easily contract that for a cost).
The app should be uploading videos from iOS devices directly to our own YouTube account (not user's account).
In every scenario I came across you need an Access Token that you can get only from user logging in through OAuth2 (window popping up). Obviously, we can't give everyone username and password from company account. I was imagining using some key that uniquely identifies the app and YouTube user account to use.
Any solution / pointer? Thanks.
I ended up using deprecated Client Login. We still need to figure where to store passwords (either in the client app, or fetch them from backend every time), but that's already a huge progress.
Unfortunately, Google says Client Login will be removed in 2015. We can just hope they'll come up with non-interactive auth method requiring no user interaction by then.
My plan for this web app is that it needs the user to log in with LinkedIn, and the user's id on the site and database is their LinkedIn id.
So, the most convenient and elegant thing would seem to be to have no "native" login at all, and just have the user log in with LinkedIn from the start.
Having seen recent disaster for Twitter api developers, I now wonder if this is considered too risky. I am assuming that it is allowed by LinkedIn (haven't checked that yet).
Alternatives could be:
native login then login with LinkedIn after that.
OpenId login and then login LinkedIn after that.
Somehow have a backup login incase linkedin kicks me off.
Any thoughts on the main idea or alternatives? Any other ideas?
As soon as you require a user to create a native login, you're making the usability of your app more challenging IMO. I hate, hate, hate it when I'm forced to create a new account on a site when a single button press would work.
Of course, usability would be at near zero in the unlikely circumstance that LinkedIn's provider no longer works for your app. So, there are tradeoffs.
Does LinkedIn provide access to the user's e-mail address when you authorize them? If that's the case, you could just login with LinkedIn. If LinkedIn's provider no longer works for your app, you could send users an email with a temporary password in an authoritative way. If they don't provide an e-mail address via their provider, then you'll be forced to collect it separately directly from the user (and potentially verify it in case the user made a typo or something).
I am using ShareKit to allow the user of an iPad application to Tweet a URL from within the application through their Twitter account. The following OAuth steps work fine:
ShareKit uses the Consumer Key and Consumer Secret hard-coded in the app to request the URL to load in a WebView.
The URL provided by Twitter displays correctly in the WebView.
The user is prompted to grant Read and Write permissions by logging into their Twitter account using the WebView.
The WebView shows a redirecting page briefly while it redirects to the callback URL.
At this stage in the OAuth flow things go wrong.
After the WebView displays a Twitter 'redirecting' message very briefly, a page saying 'Your session has timed out' is displayed.
I decided to create a Twitter application in my own personal Twitter account. When I change the app to use my own Consumer Key and Consumer Secret (but keeping the callback URL and permissions the same), everything works fine.
I have cross checked the Consumer Key and Secret with the values in the app and they match (for the Twitter account that failed).
I used Twurl and everything worked fine with both Twitter accounts. So I don't understand what could be wrong with only one of the Twitter accounts and only when using ShareKit.
I could do with some direction on how to track down the problem?
I can not help you directly but original share kit is obsolete in many ways. You might want to try ShareKit 2.0. At least, on ios5+ it uses Twitter.framework, so your problems might be gone.