Twitter API: OAuth vs. xAuth - iphone

1) Is it true that if you would like to have your custom dialogues to enter twitter user details that you cannot use OAuth to do that?
2) I looked at MGTwitterEngine and now I'm wondering whether it is really necessary to have more than 20 classes just to send a status update.
3) I used to use Basic Auth which worked just fine. It was very little code. Is there a way to modify that code so that it just works again?
Many thanks for your help.

You'll need to apply for xAuth from Twitter with a decent enough reason for them to allow you to use it. That will allow you to take the user's username & password using your own UI and get a token that way instead of going the web-route and directing them to a web auth page.
You'll most probably need to re-write a bunch of your basic auth methods to include all the OAuth signatures and headers into your requests. It'll be nice if they make the switch to OAuth 2 soon, it's much much easier.
I've written my own Twitter engine that uses XAuth and it's relatively simple (apart from the OAuth 1 garbage!). However it'll probably be best to use MGTwitterEngine if you're going the normal OAuth route. I'm not familiar with it but I hear good things. It depends on how you're going to use the API. Writing a simple wrapper probably won't be too hard if you're just interested in calling a few methods. It's just the OAuth 1 stuff that can get complicated; however Twitter's documentation on that is very good indeed.

If you only need to post to Twitter, take a look at getsharekit.org; it will save you a lot of the hassle with the integration.
As for xAuth or OAuth, if your application's UI is heavily customised it can be well worthwhile applying for xAuth, as your users all of a sudden will not come across Twitter's login pages, which are unlikely to be in keeping with the rest of your application's UI. However, if your application is mainly a utility application, you will most likely be fine with the OAuth method, which is easier as you do not need to apply to Twitter for them to enable it.

Related

Building Mobile Routes on a Rails Server api

I have been building out a server API for mobile developers to use for an iPhone app. I have no experience with mobile development and they have no experience with Ruby on Rails. I have attempted to build a mobile authentication route for the app that allows users to log in via Facebook. So far, it looks like this:
    GET '/auth/mobile/fbtoken=:facebook_token&device_id=:device_id&time_zone=:time_zone&os_type=:os_type', to: 'sessions#fb_sso'

    client = OAuth2::Client.new(
      ENV['FACEBOOK_APP_ID'],
      ENV['FACEBOOK_APP_SECRET'],
      site: 'https://graph.facebook.com')
    token = OAuth2::AccessToken.new(client, params[:access_token])
    user_info = ActiveSupport::JSON.decode(token.get('/me').body)

The resources online for learning how to do this properly are very limited or nonexistent. The only information I have found on how to do this involves using Devise for authentication. Our app currently is equipped for Devise (it's been added and the migration has been made to the User model) but does not currently authenticate via Devise. One of the only specific examples that I have been able to find for what we're trying to do can be found at the bottom of the page on this post:
https://www.ruby-forum.com/topic/4409930
It led me to believe that I was on the right track with the way the route was set up, because everything is the same besides the last step "sign in using Devise method: sign_in @user, :event => :authentication." This is what motivated me to attempt to integrate Devise into our application.
After reading that, what I meant to do was implement Devise in a sort of limited state and use only the sign_in method. Unfortunately, Devise seems to be very opinionated and more of an "all or nothing" sort of solution. I'm very unsure of how to proceed and how to decide whether to completely rebuild a significant portion of our application to support Devise or to abandon it altogether and try to implement my own solution.
tl;dr
1) Is it worth re-doing a significant portion of the Rails app to use Devise?
2) Is it possible to make this route work without Devise? How?
If you are only going to have your users sign in through Facebook then Devise would be unnecessary as you would just be using Facebook's API with Koala or Omniauth to authenticate the user. On the other hand, I see no reason why you couldn't have both your own authentication and Facebook authentication by also using Devise if you want non-Facebook users to use your app; you would just need either form of authentication to create a session.
And if I understand correctly, the solution at the bottom of your link doesn't use Devise for Facebook authentication but it's used to create a session when a person's FB account has been authenticated. Seems like a reasonable way to go.
To answer your TL/DR:
1) Only if you plan on having both a Facebook login and a traditional login at the same time.
2) Yes. Just give those GET parameters to a gem like Omniauth or Koala and create a session once the user has been authenticated.

How To Handle User Login/Registration?

I have an iPhone app that uses core data. I want to add account management to this app for backup and social reasons. What is the easiest way to handle account registration and login? Will I need to create a PHP script or create an XML/JSON file?
Any advice would be great. I have no idea what to do (I'm only familiar with Cocoa Touch).
Edit:
I think I will be going with a twitter login. Hmm, so if I do a twitter login, when the user signs in, their account data will be loaded into my database? Or something similar? I think I still need my own server because if a user signs in from another device, their data should show up there too.
From a usability standpoint, it would be best to use logins from Facebook or Twitter as the user will generally prefer to have a single login. They make SDKs for this, and it also reduces the amount of work you have to do on your end to maintain accounts. If the account is essential to your app then explore other options, but if it is just social, as you mentioned above, don't reinvent the wheel.

Twitter + SAOAuthTwitterEngine

So, I have been reading into the whole OAuth stuff in recent days, trying to find something to help me authenticate with Twitter. Since most of the topics in this forum pointed to Ben Gottlieb's framework, I tried to include it in my TestApp, which went fine.
Inserting my tokens, logging in went easy. Next thing I wanted to do, was using my own login screen. So I have to replace the Webview which is used with my own (e.g.) UIView.
The thing is, I couldn't find out how to do that. I have absolutely no idea at what point to 'interfere' since everything is so obscure (on purpose?)...
So my questions are:
1) Has anyone approached the issue in any way and can you give me a hint on what there is to do?
2) Is it generally OK to change the framework in that way? I couldn't find anything which would prohibit me from doing that...
The whole idea behind OAuth is that you don't provide the login screen. That way, the user doesn't have to give you his password. Instead, he is taken out of your app temporarily, passed to Twitter (or Facebook, or whatever), authenticated with them, and then Twitter (or Facebook, or whatever) gives you a token that you can use for as long as the user still gives you permission to use it.
That all being said, Twitter does actually provide a way for you to customize your own login screen, called xAuth. However, you need special permission from Twitter to get access to create an xAuth app.
Information about xAuth: http://dev.twitter.com/pages/xauth
Another Question about this: #iPhone : how to create twitter + OAuth custom login in our application

Facebook application load testing

How can I do load testing on a Facebook application?
Facebook prohibits the use of automated tools!!!
You should just load test your code, not Facebook's. Your app should be an iframe app, so it shouldn't be hard to load test outside of the Facebook platform. Just disable the Facebook calls.
Facebook has a much bigger setup than you and can handle a much larger load than your load testing tools could probably generate. And if Facebook is having load issues, there is nothing you can do about it anyway.
I've been developing Facebook apps for about 3 years. Facebook does have issues fairly often, but there is nothing you can do in your app except add error capture, retry and/or recovery.
What you're looking for is a tool called FriendRunner (www.friendrunner.com) which will allow you to load test a Facebook app WITHOUT modifying it, so you don't have to comment out any API calls. This will give you the most authentic results.
They can also simulate all kinds of strange situations and problems with the Facebook API so you can see how robust your application really is.
Is there a way to decouple your app from Facebook for the purposes of load testing? You can probably assume that the facebook platform can handle everything you throw at it, so you really just need to test your custom code. Once this works without any load problems, you should be good to go (assuming you can properly deal with unusual cases like facebook being down/the api being down).
We've used the approach suggested by Brent Baisley and it's a good approach, but I've always begrudged the extra work of toggling FB apis to test the app. We are trying an approach right now that should allow you to load test most apps directly in the FB canvas.
From Facebook themselves: "You can use test users for manual or automated testing."
You can also pre-authorize test users with specific permissions to your app so there's no issue of getting stuck at the permissions dialog. In the FB response, you'll get a URL that allows you to log in with that test user. With one or many of these URLs in hand, it's easy enough to use something like Siege or Apache Bench to automate your load testing of your Facebook app in its normal environment.

Using oauth for creating twitter application in iphone

I am creating a Twitter application for iPhone using OAuth. But my application requests:
oauth_consumer_key,
oauth_signature_method,
oauth_signature,
oauth_timestamp,
oauth_nonce,
oauth_version,
oauth_callback,
Can anyone please help me with how to create all these keys for my application?
In my twitter account xauth is disabled by default. So, how can I enable it in my application?
It's highly unlikely you need to enable xAuth. The Twitter API documentation, specifically the authentication guide, explains these parameters in more detail. Also have the OAuth 1.0 spec open to refer to, even if you're using a third-party library; you will save your sanity if you understand the mechanics of the token exchange.
You'll need to read up about OAuth. All the fields are part of the standard. Twitter will give you the first one (oauth_consumer_key), and the version number is always 1.0. (Version 2.0 is not yet complete and Twitter doesn't use it.) The others you need to calculate. Or at least find an open source library that does it for you.
As for enabling xAuth, you need to send a message to Twitter. Sounds like they're getting more and more strict about which apps they allow, though.
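
How the oauth_* fields listed in the question are produced for a single request, as an added example that is not part of the original thread or of any library named on this page. It assumes HMAC-SHA1, a URL passed without its query string, and no repeated parameter names; the host, keys and secrets used with it are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    """OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """Base string over request AND oauth_* parameters (url has no query string)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """oauth_signature: HMAC-SHA1 keyed with consumer_secret&token_secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()


def oauth_params(consumer_key, token=None, callback=None):
    """The oauth_* fields the client fills in itself on every request."""
    fields = {
        "oauth_consumer_key": consumer_key,      # issued when the app is registered
        "oauth_nonce": secrets.token_hex(16),    # random, never reused
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time())),
        "oauth_version": "1.0",
    }
    if token:
        fields["oauth_token"] = token
    if callback:
        fields["oauth_callback"] = callback
    return fields


def authorization_header(method, url, req, oauth, consumer_secret, token_secret=""):
    """Sign request + oauth_* parameters; only oauth_* go into the header."""
    all_params = {**req, **oauth}
    signature = sign(method, url, all_params, consumer_secret, token_secret)
    signed = {**oauth, "oauth_signature": signature}
    return "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))
```

The consumer secret and token secret never appear in the request; they only key the HMAC, so any change to the method, URL or a parameter after signing invalidates the signature.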