Been following this tutorial.
Is there a way to "allow access" without having to browse to the url: http://api.twitter.com/oauth/authorize?oauth_token=your_request_token_from_above?
Is there a way I can authorize a user via the oauth gem in console?
The way oauth is implements demands that you send the user to twitter, so that the user could give the authentication details to twitter and then authorize your access request (for your application).
if you want to skip the callback url and all that. You should look at xAuth. With xAuth the you could provide the username and the password and get a token through the API, with no callback URLs or what so ever.
Here some example of how to use xAuth with ruby.
Related
I know that OAuth2.0 is framework using to authorization data request between apps, but to give this access auth server is required. It is my question: who is this server? Let's say: We have two apps: Twitter and Google. I am trying to register Twitter account using Google account. And now where is this auth server? Is it Google? Or maybe it is another third server (managed by Twitter and Google together where user data is?) If it is Google, how Twitter is able to check if user token (generated by auth server [Google??]) is valid?
Thanks
On your first question,
I am trying to register Twitter account using Google account. And now
where is this auth server? Is it Google?
Yes, it's Google. If you're trying to login/register to Twitter via Google, Google is the authorization server. Because, Google has to authorize/delegate access to Twitter to access your data such as your Gmail id, username, etc.
Once you click on "Sign up with Google" button on the Twitter registration page, you will be redirected to the Google login page first (to see if you're an authenticated google user) and then Google would show you a consent page saying that "Twitter is trying to read your profile data, are you okay with this?". Once you click on "Allow" button, Google will generate an access_token, id_token, and refresh_token and pass it to Twitter.
On your second question,
If it is Google, how Twitter is able to check if user token (generated
by auth server [Google??]) is valid?
Twitter is not going to validate the tokens. Twitter can pass the token to retrieve your Google profile information from Google's Resource Server (where all your data reside)
Google's Resource Server is the one that's going to validate the token. It first checks the 'iss' claim of the token to see if the token is issued by Google's Authorization Server. Additionally, it would check for 'aud' to see if the token is issued for them (recipient of the token). Finally, it checks for the 'scope' claim to see if Twitter has the right access to request the data. For eg, they would need to request only read-only access to your profile, but not write access. There could be additional validation depending on the use case.
I hope this answers your questions.
I want to get twitter access token by just passing twitter user name and password.
Is there any way to get this?
Help me to solve this issue
Yes, you can. Twitter provides xAuth which allows you to submit a username and password, then get back your tokens.
Please note, there are two main restrictions.
You won't get DM access.
You need to specifically request xAuth access from Twitter
xAuth access is restricted to approved applications. If your application is a desktop or mobile application that has no other recourse but to utilize xAuth, send a detailed request to https://support.twitter.com/forms/platform.
I would strongly suggest that you find a way to incorporate the normal oAuth flow into your app.
I would like to people to log in on our Wireless Network by their Facebook or Twitter account. So I will use Oauth..
If the user authorized our App succesfully, he must me redirected to a our website. What is the most efficient way to do this?
In the case of Twitter (OAuth 1) you do this by supplying an oauth_callback parameter in the first request or by specifying a callback URL when registering your application with Twitter.
In OAuth2 (which Facebook uses) the flow is different but the parameter name is redirect_uri.
These are your only options.
I am using Rails with omniauth plugin to authenticate my application via LinkedIn. Currently, I store the linkedin token which omniauth returns if the user successfully authorize the application:
oauth_token"=>"9dd623ad-1e21-2cec-9ede-107e1f8e9e18"
I am also using linkedin plugin to get user's Linkedin information. The problem is; the plugin requires two tokens like the following:
client.authorize_from_request(rtoken, rsecret, pin)
c.authorize_from_access("OU812", "8675309")
How can I use the omniauth's token in linkedin plugin? Any idea?
OMNIAUTH is for Authentication only. AFAIK you wont be able to use the API with that oauth token alone. Youll still need to send the user off to linked in to authorize API access by doing something like
client.request_token(:oauth_callback =>'your callback url')
See example here:
http://pivotallabs.com/users/will/blog/articles/1096-linkedin-gem-for-a-web-app
Update:
I was able to reuse access token and access secret that I received upon Omniauth callback from LinkedIn and pass it on to client.authorize_from_access and got access to LinkedIn API that way. Your mileage may vary as I had to customize linked_in gem to fit my workflow a bit, but once Omniauth gets access token and secret you no longer need to call client.authorize_from_request
Is it possible to authorize twitter console application without visiting authentication web page?
I need it because I'm developing app that grab direct messages from our corporate twitter. This console application is scheduled on web server and is not driven by human.
Regards,
Alexey Zakharov
You can ask Twitter for an access token by supplying a username and password using XAuth. This circumvents the need to redirect to OAuth webpages to get valid access without asking the user for username and password. Applications do need to ask permission from Twitter by email to be able to use this web service method. You should only use it to get a valid access token and then save that, and not persist the username/password in any way. It might be a suitable scenario for your console application?
Check out TWURL. It's command-line CURL with Twitter OAuth built in: http://github.com/marcel/twurl
Its possible to authorize any oAuth based API via Console.
if you have some sample code that your working with please share.
Also: http://p2p.wrox.com/content/articles/twitter-development-using-oauth-authenticate-against-twitter-api-walkthroughs