Twitter API, finding logged-in user - oauth

I log into my Twitter account. Then I visit this twitter app website. I click sign-in with Twitter link, I am redirected to Twitter authorization page, I give auth. Then I see member page of app website. Then I check authed Applications from my Twitter account: https://twitter.com/settings/applications
I see that I authed that application. Then I remove all cookies of app website. But I don't logout from Twitter website. I revisit app website and click Sign-in with twitter.
Without Auth confirmation I am redirected to members page. How can it be?
I understand that they save my auth tokens inside their database and use to verify credentials. But without cookie etc. how can they know that I'm that Twitter user?
Is it possible to know that user logged in to Twitter?

This problem can be solved when "authenticating" is used rather then "authorization".
Authorization needs permission everytime user sign-ins, authentication needs permisson if user didn't give permission previously or he/she revoked the permission.
That is called as transparent login.
Note: Authentication doesn't include DM access.
https://dev.twitter.com/docs/auth/implementing-sign-twitter

Related

Is it possible to make a Social Sign Up with Twitter Account?

I am using HybridAuth on my project and added Facebook, Twitter and LinkedIn social providers in order for the user to be able to sign up/ sign in.
What I have encountered is that Twitter API does not return the users' email. Thus the user obviously can't sign up with his Twitter account.
Furthermore if the user has logged out - he can't even sign in with his Twitter account if he hasn't connected it to your application account, because the Twitter API won't use the email for searching the user in its' database. In order to be able to use Twitter Sign In, the user has to be signed in to your app and connect his Twitter account.
Is there anything I am missing and there is an actual way to Sign Up with Twitter?

Request Facebook access token without being logged in?

I want to download event information from a company's Facebook page using FacebookSDK 3.1.1 to present in a UITableView. This works fine as long as the user is logged in to his/her Facebook account.
It also works fine if I manually request an access token from developer Facebook and send it along with the Facebook URL request.
Can I request an access token from within the iPhone without being logged in?
I find the facebook developers page a bit difficult to navigate.. Anyway, here is the answer: http://developers.facebook.com/docs/concepts/login/access-tokens-and-types/

Are oauth_token and oauth_verifier sufficient parameters for persistent isLoggedIn?

I'm learning to use the twitter API for the first time. I want to build a website that allows users to post messages to their twitter, facebook and linkedin account. They will need to sign up first via the website's registration/authentication system, which is in not related to twitter, facebook and linkedin. Once logged in, they should be able to synchronize their twitter, facebook and linked in account with my website.
I'm starting development with twitter first. I followed this tutorial here:
http://www.1stwebdesigner.com/tutorials/twitter-app-oauth-php/
After authenticating, twitter sends me to this url.
http://mywebsite.com/?oauth_token=o7gIh4x8xAs1mcms6OKthLoLecL99WVbky2Gu6o4no&oauth_verifier=83Ip3jrMVDvnbIY3RXS5DH1FUZrWAHddwApnOBfm4
The first time this page loads, it properly retrieves all the authenticated user info. But when I refresh the page, the all the user info disappears.
My question is:
Are the query string parameters oauth_token=o7gIh4x8xAs1mcms6OKthLoLecL99WVbky2Gu6o4no&oauth_verifier=83Ip3jrMVDvnbIY3RXS5DH1FUZrWAHddwApnOBfm4 all that's needed to gain write access to a user's twitter account? Can I store these tokens in my database so that the user never has to be prompted to sign into twitter again?
You had better keep oauth_token (and oauth_token_secret too) in your database since you will use them for all the authenticated requests you will do for the authenticated user. As for oauth_verifier, it is a parameter only used during the OAuth Authentication flow. So you can get rid of it once you have got the final tokens.
For further details (and to ensure what you are doing is right), see the corresponding "Sign in with Twitter" page on Twitter Developers website : https://dev.twitter.com/docs/auth/implementing-sign-twitter.

Login through facebook into other sites - IPHONE

I have an application where i need to login to a website through facebook, twitter and the website's own login.
I'm not very sure how to login through facebook and connect it to the website. Like if i click on login with facebook button, it redirects to facbook login page( which is achievable with all the tutorials and information provided in the facebook developer documentation and the sdk) and then it is redirected to the website immediately after facebook login.
How to achieve this? Any suggestions or help to achieve this will well appreciated.
I also would want to know about the encrypted access token of facebook. How to use that access token. I have read the documentation, yet i have not got the concept so clear in my head.
EDIT: the website is already connected to facebook and twitter... I have to to the same on iphone.. I mean, the response i will get after login through facebook is an access token. Can i use this access token. How to link the response got after facebook login to the website to authenticate a user's login. This i need to do it in iphone.
Thanks in advance.
Here is an example on how to do it with php,
Facebook as Auth
EDIT:
As you mention you already have a website in place with facebook and twitter integration and only require to do it in iPhone.
For iPhone have a look at facebook sdk for iPhone.
What you get after a authentication from facebook in iPhone app will be a access_token. You can use this token to get the facebook userid. Match the same id with the one present in the website. This way you can validate a user.
For getting user details from acess_token try this.
graph.facebook.com/me?access_token=<token>.
This will return basic user information along with facebook userid.
Best of luck.

How to authenticate that user owns twitter account?

I'm developing a social network. Users may register and share their twitter username (if they want). Wherever the user posts a comment or other content, his username is displayed. I would like to display the follow #userTwitter button, if the user has set the twitter account.
Now, everything works, the problem is to validate that the user is the owner of that twitter account. Right now the user could be entering any valid twitter account! Maybe using the Twitter api?
You can set your app up as a Twitter client, this way your user has to log into twitter to authorize your app, thereby verifying their twitter identity.
This is a couple years old but might be enough to get you started:
http://www.1stwebdesigner.com/tutorials/twitter-app-oauth-php/

Resources