No OAuth2.0 for Twitter on behalf of users? - twitter-oauth

It looks like Twitter does not support OAuth2.0 on behalf of users.
I feel it is weird that they do not support it, because for "Application-only" Twitter supports OAuth2.0.
When I looked into the official site, the only value of "grant-type" is "client_credentials".
So, no "authorization_code".
This means Twitter does not yet provide OAuth2.0 on behalf of users?

You are correct that Twitter does not support OAuth2.0 yet, apart from Application-only authentication. As far as I am aware there is no timeframe for Twitter to fully support OAuth2.0.

Related

Difference Between OmniAuth Implementations for Facebook and Twitter

I'm a bit confused about how omniauth works for facebook and twitter. I notice when I use twitter, then I end up getting back credentials which include a token and a secret. My understanding is that twitter will return the same set of keys for the same application keys.
For facebook I notice that I only get back a single token. I would like to use this token to identify the user when they use my application-- but my concern is that since I am only getting one token back, that this is a short lived token which might change.
I did some research to find out if Twitter supports OAuth 1.0 (which I'm quite certain Twitter uses).
Am I missing something? Is it a matter of Twitter and Facebook using different OAuth versions?

Twitter and Facebook do, in fact, use different versions of OAuth. Twitter uses OAuth 1.0A, while Facebook uses OAuth 2.0. These versions have different implementations.
For Twitter, there are two options for accessing the APIs via OAuth, application-only auth and application-user auth.
For details on Twitter's OAuth, check out https://dev.twitter.com/docs/auth/oauth
For details on how to obtain access tokens for Twitter APIs: https://dev.twitter.com/docs/auth/obtaining-access-tokens
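
An added example (not part of the original answer) of why an OAuth 1.0a provider such as Twitter returns a token and a secret while an OAuth 2.0 provider returns a single token: in 1.0a each request is signed with HMAC-SHA1 using a key built from the consumer secret and the token secret (RFC 5849), whereas an OAuth 2.0 bearer token is sent as-is (RFC 6750). The URL, keys and secrets below are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    # Sort the encoded key/value pairs, then join METHOD & URL & PARAMS.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # The key mixes the application's secret with the user's token secret,
    # which is why an OAuth 1.0a provider hands back a token AND a secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def oauth2_bearer_header(access_token):
    # OAuth 2.0 bearer usage: nothing is signed, the token itself is the credential.
    return {"Authorization": f"Bearer {access_token}"}


# Constructed sample values, not real credentials or a real endpoint.
URL = "https://api.example.com/1.1/statuses/update.json"
PARAMS = {
    "status": "Hello World!",
    "oauth_consumer_key": "example-consumer-key",
    "oauth_token": "example-user-token",
    "oauth_nonce": "constructednonce123",
    "oauth_timestamp": "1300000000",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    print(signature_base_string("POST", URL, PARAMS))
    print(oauth1_signature("POST", URL, PARAMS, "app-secret", "user-secret"))
    print(oauth2_bearer_header("example-bearer-token"))
```

Because the bearer token is the whole credential in OAuth 2.0, it should be stored and transmitted as a secret; the OAuth 1.0a token alone is useless without the matching token secret.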

Is facebook an openid provider?

I'm confused about Facebook and whether or not Facebook is an OpenID provider like Google.
According to this link: http://developers.facebook.com/blog/post/246/, Facebook is an OpenID relying party. What does that mean, and is that different from an OpenID provider like Google?
Basically, I am currently using lightopenid to allow users to use their OpenIDs to log into my site, but can't seem to find a URL for Facebook's OpenID authentication to do this.
I have seen a question similar to this which confuses me because in that question, the questioner was told that Facebook is not an OpenID provider, yet Facebook documentation says something that Facebook is an OpenID relying party...?

Facebook is an OAuth provider. You need to use OAuth if you want to allow Facebook users to authenticate against your service.
Being an OpenID Relying Party means that Facebook accepts OpenID logins from their users, e.g. you can log in to Facebook with your Google account. Your service is also a Relying Party if it allows users to authenticate using their OpenIDs.
For more information on the terminology used by OpenID, see the OpenID Wikipedia article.

Twitter Authentication OAuth or XAuth

I am trying to integrate Twitter into my application. My basic requirement is to have a custom login screen, and Twitter requires only OAuth. As per the Twitter documentation I found these:
MGTwitterEngine (downloaded, but it's missing the entire OAuth library, hence it could not compile)
bengottlieb (cannot customize the login as it is web based)
XAuthTwitterEngine
XAuthTwitterEngine looks promising, but XAuth is disabled by default and needs permission from Twitter.
So my questions are:
1) What type of information do I have to provide to Twitter in order to get approval for enabling XAuth?
2) If XAuth is not recommended, then how do I achieve my basic requirement mentioned above?
I hope my question is valid. Thanks so much.

You can also check out my Twitter client. It was specifically written for 'Share on Twitter' functionality. It uses XAuth.
http://github.com/st3fan/iphone-twitter

For future visitors, here's the link to the Twitter request form for enabling XAuth, and some more support options:
https://support.twitter.com/forms/platform

facebook with openid

Referencing Is Facebook an OpenID provider? here. This is kind of an additional question based on it.
I have also read the article at : What is the "openid" url of facebook? - but I am still pretty confused on the whole ordeal. The goal is for people who use Facebook to easily log in to our website, not to necessarily integrate with Facebook and add things to it (yet). I have read the documentation on Facebook Connect and am still having trouble grasping exactly what we need to do to accomplish this.
I notice that it says that Facebook accepts OpenID logins - so in theory someone with a Facebook account could log in to a site that took other OpenID logins, correct? Or do I have to code a separate 'facebookconnect' system just to accept logins from Facebook accounts?

There is a difference between an OpenID provider (who gives you a URL you can log into other sites with) and an OpenID consumer (who lets you log into their site using an OpenID URL).
Someone who "accepts openid logins" sounds like a consumer, but your description "someone with a facebook account could login to a site that took other openid logins" is describing a provider.
There's nothing stopping a site being both a consumer and a provider, but as far as I know, Facebook isn't one.
You have to code a separate "Facebook Connect" system just to accept logins from Facebook accounts, they do not use the OpenID standard.
RPX is a commercial service that offers a way to cut down on some of the confusion.

LinkedIn / Twitter / Facebook as OAuth and OpenId use

Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but whether anyone can advise a solution for my issue.
I want to allow users to log in to my site via their LinkedIn/Twitter/Facebook account. Once logged in, say via LinkedIn, they could also then authorise their Twitter and Facebook accounts as an optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result.
I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates.
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
Any ideas or issues to this issue?

If you are using ASP.NET MVC, DotNetOpenAuth is an excellent solution for supporting OpenID/OAuth sites. StackOverflow is using it, and they are quite picky for the code they use in the site.
The integration of OpenID with DotNetOpenAuth is quite straightforward. I have not tried OAuth, but I don't expect it to be of any less quality.
Unfortunately, Facebook does not support OpenID/OAuth, so you need to use a different solution for it. The one I use is Clarity Consulting's Facebook Developer Toolkit. It works, although I do have certain complaints about the quality of the code; unfortunately I haven't found anything better yet. (Note: If anyone knows a better alternative, by all means let me know)
The basic integration of Facebook Connect with the Facebook Developer Toolkit is also relatively straightforward. However, their object model is somewhat messed up, due to their attempt to stay as close to the Facebook APIs, so the HTTP API patterns are bleeding through a lot. Still, it does the work.
Update: Now that Facebook announced that they'll be supporting OAuth 2.0, DotNetOpenAuth might turn out to be the best solution.

Have you looked into RPX?
https://rpxnow.com/

I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
I'm afraid you'll have to connect the user's account to each of the 3 services individually. What platform are you using to build your app? If it's Ruby, then a gem like OmniAuth looks promising.