I am using Twitter as an OAuth provider for ASP.NET MVC 4 web site. I would like to be able to follow up with a registered user at a later date, either by email or via a tweet. Outside of having the user follow me on Twitter, do I have any other options to communicate with the user?
Here is what I unsuccessfully considered:
It appears that there is no way to get access to the email address since Twitter OAuth API does not return it.
It appears I cannot send a direct message unless a user
follows me on Twitter.
"Read/Write/DirectMessage" permissions seem
too intrusive -- all I want to do is send a user a message that a
new product is released -- I don't need any of the write
capabilities that this level of permissions provides.
To recap, if a user used Twitter to sign in to my website, what are my options to contact that user at a later date?
Thanks.
Twitter's solution for this sort of person-to-person communication is the Direct Message, however, Twitter has (rightfully) decided that both parties need to consent to this channel being available. This decision is intended to reduce the amount of spam in the Twitter ecosystem.
Posting public tweets that mention the username will get your users' attention, but it is also broadcasting their relationship with your company to the entire Twitter ecosystem. You will, essentially, be advertising their relationship with your company without their permission. This approach will bring you headaches sooner or later.
Email is probably a better choice for the sort of announcement to existing customers.
Related
Normally, I invite new members via. email, that I get from them individually.
Let's say I want to campaign publicly for volunteers to join our community, then what is the best approaches with various level of control?
It is not possible out-of-the-box, but you can develop a custom website, where people can apply for your Slack and enter the name and email address.
You can then forward their request for you to approve (e.g. a page with a table of all open requests where each can be approved or denied or an automatically generated email to you etc).
Finally you can auto-invite every approved user with his email address. The Slack API has an undocumented API function that allows that. Check here for my post about that method.
I have done a similar website for inviting people from a gaming community (Eve Online), where they have to first authenticate themselves with their game login before getting an invite to our Slack. It works pretty well. I made this website with PHP, but basically every server based script language will work.
I am using google's oauth2 to allow users to register/login into my site (php library). The first time a user attempts to login I get the user's email address and google+ id which are provided by the Google OAuth2 API (with the user's permission).
In a different part of the site I need some information from the user's youtube channel. I am using the incremental authorization to get the extra permissions as it is recommended (and described here: https://developers.google.com/identity/protocols/OAuth2WebServer#incrementalAuth ).
The problem is that I don't have a unique identifier for the user between the calls, in order to keep track of him/her in my side of the application. A user, for example might have multiple youtube channels and each one can be associated with a different google+ account/id and a different email address, which most of the time is not a real address but a provided email with the format 'username-XXXX#plus.google.com'.
I was wondering if google's apis can return a unique identifier for the 'parent' account of a user across different apis.
Thanks in advance.
According to this question: Architecture for merging multiple accounts and registering a user account
Various answers have said that using email is a good way of establishing correspondence between different accounts and then doing automatic merging for multiple account sign in.
However, twitter is a major provider that does not provide email through their oauth API.
How can we reliably and automatically establish a correspondence between a twitter account and for example Google, Facebook, Github... etc accounts? So that we can auto-merge those accounts.
I'm writing a library to help in this, so it's not really useful to say do it manually, since I would like to provide options.
There is no secure-way to automatically do it, I implemented an application with local account/Twitter.Facebook/Google and I didn't have other choice.
I suggest you to allow your users to register with one method (local account, Twitter, Facebook, Google...) and create a page in "My account" that allow them to associate other accounts.
In Twitter a user can be identified by either a name or a key, you have no way to know them unless you explicitly ask them to the user.
Moreover now in Twitter 1.1 you have to redirect your user to Twitter to approve your application and then you get the OAuth token and security key. As you can see there must be an interaction with Twitter, at least if you need to perform some restricted queries on his behalf (e.g. create a Tweet).
Let's say I am making a sign up form in which I asked user's twitter ID. How do I verify if the ID entered by user belongs to him/her? In case of verifying email we simply send a verification link which user has to click so how do I verify twitter ID? I have never used twitter before.
The only reliable and practical way to verify that twitter account X belongs to user Y this to do full on “3 legged” OAuth authentication. That being said, you may want to consider if you might be OK with just taking the user at their word on it.
Getting OAuth to work and securely storing the resulting tokens is much easier nowadays than it once was, but is still non-trivial.
Reasons to verify the twitter account, in increasing reasonableness:
You will be making enough server side requests, on behalf of multiple users, that you run up against Twitter’s API Rate Limiting. (Having multiple auth-tokens will allow for a higher API rate)
You need to automagically send tweets and/or follow accounts on the user’s behalf
N.B. do this as opt-in and be ultra clear about when/why you will be doing this, or you will face the justified fury of scorned users
Don’t verify the account if you’re looking to do these things:
You need to send tweets and/or follow accounts on the user’s behalf, and the user will be able to perform a browser based confirmation workflow for each of those actions; use Twitter’s Web Intents for this.
If you just want to pull in real time data for user’s avatar, bio, or recent Tweets Twitter supplies some prefab widgets for you.
All of the authenticated Twitter API Calls can be done client side with JavaScript. Twitter has a js framework, which does not require you to handle and store tokens on your server, to help you with that.
An alternate contact method for password resets, notifications, etc.
Private communication between users on twitter requires mutual following, many users probably never check their Direct Messages (or even know what a DM is), and any messages would be limited to 140 characters. Just use email for all that kind of nonsense.
If you’re just gathering this info to display it on a user’s profile page, in an “other places on the web” kind of way, integrating and maintaining all the server side OAuth pieces is likely too much bother. Just make sure you have a reasonable and clear TOS and an obvious way for 3rd parties to report any of your users who may be claiming a twitter account that is not their own.
If you’re still interested in OAuth, Twitter's Dev page has plenty of resources, including a nice overview of a generic “Sign In with Twitter” “3 legged” OAuth work flow.
anyone knows if it is possible to do registration via twitter just like facebook register (http://developers.facebook.com/docs/plugins/registration/)?
it is not login via twitter. i need to store some basic information from the twitter user, eg, name and email, and then request user to choose their own username and password for my site.
Thanks!
Twitter doesn't have this functionality at all , they have #anywhere for integration for some Twitter features on your website. That's the closest there is to this. What you can do is register an account with the information you gather from an authenticating user, but the development of this would be up to you. There are no boxed up solutions right now from Twitter. There may be something third party but I'm not aware of any.
It's also "against the rules"
You may not use Twitter Content or other data collected from end users
of your Client to create or maintain a separate status update or
social network database or service.
https://dev.twitter.com/terms/api-terms