Symfony2, HWIOAuthBundle and FOSUserBundle - how to create users - oauth

My goal is to use these bundles to connect to MailChimp OAuth or Facebook (not necessarily as a login option, but that could come later - right now I just want my app authorized to access the MailChimp API). I've got the whole process somewhat working in the sense that I can be redirected to MailChimp or Facebook, allow my app, and then I am always redirected to my failure_path as defined in my security.yml. I presume this is correct behavior since I do not have users with the matching tokens. My question is... how do I create these users in the first place? Or rather, how do I get the provided OAuth token into the user's data for later use/authentication?
Thanks

I know it's old, but in case someone didn't find it:
https://gist.github.com/danvbe/4476697

Related

How do I get the ID of the currently authenticated Twitter user in a web application without using OAuth?

Apologies in advance for the long background, but I think it is necessary and helpful to other devs once this is answered.
Background
I am building a very social web-application in which there are several events that trigger social actions such as updating the user's Twitter status.
Currently, I use a library called "TweetMoaSharp" (.NET) to handle the OAuth workflows, and events that trigger a status update or follow action work brilliantly as long as the user is briefly redirected to the Twitter authentication page.
To clarify, the user is not asked to re-authorize my app each time, but there is an unsightly flicker that lasts for 1-2 seconds while the user is directed to Twitter and then back to my app. This will annoy the end user as there are frequent Twitter interactions.
So, to relieve the situation, I use TweetMoaSharp to obtain an OAuth Access Token via the server and then store that token along with the user id returned from Twitter in my database. I then set a cookie on the client that contains the user's Twitter Id so that for future requests I can simply pass that ID to the server, grab the OAuth token from the database and do my business. No redirect required!
Problem Solved, Right?
Well, no. Stupidly, I overlooked the fact that this can cause a collision with multiple Twitter Accounts being used on the same page and ended up tweeting test-tweets to a second twitter account I own because I had changed Twitter sessions. This could happen to any user(s) who access multiple Twitter accounts from the same browser; a husband and wife for example.
Back to the Drawing Board
I thought to myself, "The Facebook JavaScript API makes it super easy to get the id of the currently logged in user without going through a bunch of server-side token steps, so I am sure Twitter offers the same approach." Ha! I haven't found one yet.
Bottom Line / Question
How do I get the ID of the currently authenticated Twitter user without redirecting them to Twitter (even for just a second)? If I can do this, then I can compare the returned ID to the one in my cookie and know if it is valid for my application's current session or if I need to have that (new) user authenticate as well so that I avoid "Tweeting" under the wrong account.
Thanks in advance.
Use your app tokens to do a verify credentials call
https://api.twitter.com/1.1/account/verify_credentials.json
The returned info is the logged in user.
Unfortunately limited to 15 calls per 15 minute window!

tracking user invite through oauth login

I'm building an app where the user will receive an invite to join a team.
The invite link is unique to the user, and when the user hits the sign-up page, they can log in using OAuth (Google).
After the user goes through the authentication and gets passed back to my app, I need to get their invite code, so I can look it up in the db and add them to the correct team.
I thought I could pass a state variable to the oauth provider which would get passed back to me like auth?state=INVITE_CODE, but when I send a state parameter to google in my auth request, it doesn't respond at all.
What's the best way to accomplish this?
I'm using express passport if that makes any difference.
I was WAY over thinking this, so hopefully this will help somebody else.
If you look at the res.headers.referer it is actually your original link, not the link from the oauth provider, which I expected.

Is there a way to skip the "Your domain administrator has approved" page in Apps Marketplace Oauth2?

I have a Google Apps Marketplace (v2) app I am working on setting up Oauth2 for.
I've got everything working, but for some reason when I do a redirect to the authentication page, after you select which Google account to use (if, like me, you're testing, you have to pick one of several Google accounts you're currently signed into), I get sent to another page which seems utterly pointless:
This is bizarre and annoying, because I am logging in as the domain administrator!
Does anyone know a way to skip this screen, or what I might be doing to be cursed with this terrible user experience?
I just confirmed that having access_type=offline will always display this page, even with approval_prompt=auto. You will always get back a refresh token as well.
The only way to hide it is to remove access_type=offline on future login requests (ask only on signup).
I believe this shows up only if the app requests a refresh token for offline access. Also, this should only appear the first time you access the app after installation.
In order to skip this you need to update the app to not request refresh tokens.

A Twitter application with only two users

I'm making a Twitter application that makes one Twitter account echo another.
I used the http://dev.twitter.com tool to obtain the access token associated with one account, but since only one person can administer a Twitter application I can't get an access token for any other accounts.
It would appear I have to build an entire 3-legged OAuth strategy only to get one access token!
https://dev.twitter.com/docs/auth/obtaining-access-tokens
How can I most easily acquire an access token for the other user? I don't need a strategy to get many of them, just one.
Okay so I found the answer after a few hours of searching.
You can do it fastest using the PIN auth method and you'll never have to do it again.
Additionally, this gist contains some awesome Ruby code so I didn't have to do any coding, and I got my access token right from the command line:
https://gist.github.com/mirakui/388067
Cheers.

Twitterizer: what is the workflow in order to publish messages on user's profile?

As I started to work with Twitterizer in order to publish on someone's wall, I am in a confusing time.
There is a page, in my case DefaultTwitter.aspx, where there is a link to authenticate on Twitter with the token provided. It goes to Twitter and comes back to CallbackTwitter.aspx with oauth_token and secret. And so the user is identified. The Twitterizer example says:
Step 5 - Store the results
You should now store the access token and the user details. Keep in mind that the
only way an access token will become invalid is if the user revokes access by logging
into Twitter. Otherwise, those values will grant you access to that user's data
forever.
My questions are:
- should I store any data in a SQL data table, and what exactly? (however, I hope that is not the case)
- somebody said that I should save it in a cookie (I thought in session); however, then if another user comes, how should I create a button to log out or something like that?
- how will the user revoke application access if he would like to?
A live example will be much appreciated, as I could not find any on the internet showing how exactly the Twitter API works.
When your application finishes getting authorization to access the user's data, the result is the access token (represented by 2 values, a key and a secret). Those values are, in effect, the username/password you can use in requests to the API on behalf of that user.* Save those values in your SQL database. You'll also be given the user id and screen name. It's probably a good idea to keep those handy, too.
The user can revoke access to an application by going to http://twitter.com/settings/applications, finding the application and clicking the revoke access button next to it. Your application cannot revoke access for the user.
You asked for an example, but you're citing the example application. Just look at the source code in that sample.
* - That's a simplification for explanation sake. Please don't crucify me, OAuth experts.
