Session timeout error with Twitter OAuth flow using ShareKit on iOS - ios

I am using ShareKit to allow the user of an iPad application to Tweet a URL from within the application through their Twitter account. The following OAuth steps work fine:
ShareKit uses the Consumer Key and Consumer Secret hard-coded in the app to request the URL to load in a WebView.
The URL provided by Twitter displays correctly in the WebView.
The user is prompted to grant Read and Write permissions by logging into their Twitter account using the WebView.
The WebView shows a redirecting page briefly while it redirects to the callback URL.
At this stage in the OAuth flow things go wrong.
After the WebView displays a Twitter 'redirecting' message very briefly, a page saying 'Your session has timed out' is displayed.
I decided to create a Twitter application in my own personal Twitter account. When I change the app to use my own Consumer Key and Consumer Secret (but keeping the callback URL and permissions the same), everything works fine.
I have cross checked the Consumer Key and Secret with the values in the app and they match (for the Twitter account that failed).
I used Twurl and everything worked fine with both Twitter accounts. So I don't understand what could be wrong with only one of the Twitter accounts and only when using ShareKit.
I could do with some direction on how to track down the problem?

I can not help you directly but original share kit is obsolete in many ways. You might want to try ShareKit 2.0. At least, on ios5+ it uses Twitter.framework, so your problems might be gone.

Related

Issue : Connecting using OAuth to Jawbone from android app

We are using Jawbone API to pull data tracked using jawbone devices.
Our users are successfully able to sign in when they access Jawbone sign in page during OAuth process from our website.
However, they are not able to sign in when they access jawbone authentication page from our android app during OAuth process. This authentication page is launched in webview on andriod.
On log in page after entering correct credentials and clicking on Sign In button does nothing. The page even does not display whether credentials were correct or not.
Is the OAuth authentication user agent (web/app) dependent?
We have started facing this issue just recently and before it used to work perfectly.
Jawbone's OAuth2 flow operates through web login and approval pages, then issues a redirect callback to your server. Jawbone has several partners who do this within their Android apps.
It sounds like your app is not handling the callback half of the OAuth2 flow correctly, but it's hard to say based on this description.
Have you reviewed the Authentication documentation?
Also, consider Jawbone's Android SDK.

Rails backend for an iOS app, twitter sign in

I'm using omniauth-twitter for twitter log in to the website and it works perfectly well (go to /auth/twitter, user authenticates, and then redirect_to /auth/twitter/callback). Great.
However, on the iOS side, how can I implement sign in with twitter? Do I do it client side or server side? Could anybody go through the steps? (note: the only way to sign in to the app is through twitter)
We've tried:
using a UIWebView that goes to /auth/twitter, but on redirect, it goes back to the web version. Is there a way to get JSON data from the UIWebView?
doing sign in with twitter client side, and using a made up password to authenticate in sessions#create that matches a made up password on the db.
Is there another alternative for authentication? I know what we're doing has a lot of flaws but we couldn't find any other solutions even after asking in meetups and researching online for days. please help!
You could add an OAuth 2
implementation on your server. Your server authorizes the iOS app for an authenticated user / content owner. (You have completed the authentication part.) Once authorized, the iOS app accesses that particular user's content (via an api on your server) as if it is logged in as that user.
You will find one potential OAuth 2 provider implementation for RoR as
applicake/doorkeeper
You will find a sample iOS client application as
telegraphy-interactive/OAuthClientSetup
That is one suggestion, in any case. Not the whole answer, which would require a book chapter.

Is it possible to call native ios Facebook login dialog from just a web page (not a web app)?

We have an ios app that uses native Facebook login just fine.
Then we also have a website (app is basically an optimized client for it) where people can login via Facebook too. When they open our website in mobile safari, they are directed to Facebook pages to authenticate there and it works, but.. it is still far from native and users have to retype credentials they often have in ios already.
So could it be possible to to somehow launch system fb authentication for just a web page (maybe using some clever URL schema?) and get granted token back to web?
Difficult way
As described here http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps you could find URL scheme to trigger the native iOS app for app authorization:
fbauth://authorize?redirect_uri=[redirect_uri]&client_id=[client_id]&response_type=token
But if you call that link it's not possible to have a redirection. You could try to hack that redirection but maybe you could not find a way out.
A secure way to solve that problem is to use a SSO token to authenticate user on your App when he logs in, and next on Safari take a redirection, with a custom url to your APP, that do as bridge to FB App via Token stored in your APP. After FB authentication you can directly redirect user back to your landing page in Safari. As said by #Lego it's an alternative way to direct authenticate that could be made by going deep to custom URL used by FB.
No, it is not yet possible to directly authenticate the user via the native Facebook App, but it's possible to authenticate the user using a custom URL scheme which opens your native iOS app which then handles the authentication flow:
The user authenticates natively with your iOS App. You then store the user login (not password) in your app (i.e. using NSUserDefaults).
Then the user opens your web page in Mobile Safari. You redirect the user via a custom url scheme to your app (i.e. using myapp://authenticate). Apple documentation on implementing custom URL schemes: click
Now, if you have an active FB session in your iOS app, you can either directly redirect the user back to your landing page in Mobile Safari, passing the access token via url get parameter or you first re-authenticate the user, displaying a login view with the user name pre-filled, which you have stored in your iOS app before (step 1) and then redirect the user to your landing page, again all depending on session state and your security needs.
For opening face book app you can use Custom URL scheme. But i am not sure if u can authenticate user from it. In case if you could also then it will be confined up to the fb account which is already configured on that device app .so better try to use face book api or something
I don't get your question exactly but i think as per your question you want to create fb app Login in safari or in your custom web view.
is this perfect ?
as per my knowledge web view is different thing and native app is different thing.
if you are Login in web view then no need to check anything token or other thing because it will give you Logout thing there.
but if you are Login in your application then "developer.facebook.com" will definitely help you.
and yes, you will do most of the thing in your app as native facebook app do.
Hope it help....

Twitter API Always using my account

I am having the strangest problem using Twitter API. I am using a Github package dg/twitter.php.
The problem: I am making an app that sends a status update to twitter and I store the status in my database, simple. But what is happening is it stopped asking me to login and always uses my twitter account, even from different computers and clearing all cache. The strange thing is that it seems like it has cached my account and there is no way to clear it. If i completely log out of twitter and go to the app, it no longer asks me to sign in, it just uses my account, so anyone who goes to the app submits tweets as ME.
I thought it had to do with my App settings so I reset everything, renewed tokens, but still the same problem. I uploaded files to another server using the same app tokens, and yet again the same problem. My twitter app only uses MY account and will not let me login because it acts like I am already logged in when I am not.
Does this make sense?
Since this app is a Facebook app, i realized I had a problem with the oauth creating a new token because FB uses an iframe which was conflicting with the authorize abilities twitter currently has.

iOS Twitter website single sign on

Say that you have an iOS app, and a user that has one or more Twitter accounts set up on their device. Is it possible to load part of Twitter's mobile site into a UIWebView within the app with the user automatically signed in as one of those accounts?
Obviously, accessing the accounts would require the user's permission, which is fine. And probably after the first time, the site would remember the user anyway. But it would be nice to not force the user to enter their credentials again.
I know that I can use Reverse Auth to get OAuth tokens for an iOS Twitter account, but I haven't found anything concrete to allow me to exchange those tokens for authentication on twitter.com.
Well, according to Twitter's Taylor Singletary, it's not possible. Boo.

Resources