I have seen the following in a few different apps so it seems like some kind of public api. Anyone where I can find the code for this? Specifcally the twitter login that appears in the popover:
I think your understanding of OAuth needs to be better… OAuth is a way for users to sign into a service without revealing the credentials to the application. The interface you are seeing is Twitter's OAuth endpoint. I suggest looking into the twitter API for integration help.
If you would like to program your own interface for collecting the users credential, use XAuth instead.
Related
While reading instagram basic display api documentation I get the sense that we cannot use this api for authentication. As they write under the limitation as:
Authentication — Instagram Basic Display is not an authentication
solution. Data returned by the API cannot be used to authenticate your
app users or log them into your app. If you need an authentication
solution we recommend using Facebook Login instead.
But looking at their API reference I get they provide oauth tokens and authentication flow /scopes.
Their getting started guide also list down steps to setup app. Anyone please explain what I am missing there ? I am looking for social login solution using instagram, thanks.
I am currently building an API for my native App and want to implement the OAuth 2.0 protocol for authentication. If I take a look at companies like Instagram, Facebook or Twitter I wonder how they are handling the authentication process of their own native App (not third-party).
So Instagram for example is using the OAuth 2.0 protocol to protect their API endpoints (here). Related to their developer platform they offer you - as a third-party developer - the possibility to use their API and authenticate your own App via Server-side (Explicit) or Implicit flow. All of these flows require the user to authenticate via an In-App browser (or system browser).
Like I said before, I am wondering how these Apps are handling the authentication in their own Apps. The user doesn't get redirected to any browser to authenticate. They could use the Explicit flow and store the client_id and client_secret for example in Keychain (iOS). But Instagram is telling third-party developers "You should never pass or store your client_id secret onto a client. For these situations there is the Implicit Authentication Flow.".
I don't want the user to get redirected in my own App. The user should be able to use a login/signup form within the native App.
Does anyone have an idea or insides on how Instagram etc. are doing it? I am really curious and appreciate any helpful answer. :)
I am working on a mac application which involves Facebook support so that they can share to Facebook via our app.
For this, I am using Facebook Graph API's which internally uses oAuth protocol to access user resources. In this process, it uses webview to enter users credentials(username and password) which provides the "Access_token".
But my requirement of the application is that it should not use webview to enter user credentials rather it should use other view controller to provide user credentials. So I need to go for xAuth protocol as in twitter uses.
Can anyone help me in this issue? If facebook supports xAuth, please make suggestions.
Facebook doesn't offer "desktop" application authentication support as detailed here: https://developers.facebook.com/docs/authentication/
What you would have to do, is get them to authorize your app on a website, then use the access token for the desktop app and that is if your app is connected to some kind of server.
Otherwise you will have to follow their suggestion of embedding a browser and reading the access token once it is received.
I am trying to integrate Twitter into my application. My basic requirement is to have custom login screen and as twitter requires only OAuth. As per Twitter documentation I found these
MGTwitterEngine(Downloaded but its missing entire OAuth library, hence could not compile)
bengottlieb(cannot customize login as it is web based)
XAuthTwitterEngine
XAuthTwitterEngine looks promising but XAuth is disabled by default and need permission from Twitter
So my questions are
1) what type of information I have to provide to Twitter in order to get approval for enabling XAuth
2) if XAuth is not recommended then how do I achieve my basic requirement mentioned about.
i hope my question is valid. Thanks so much.
You can also check out my Twitter client. It was specifically written for 'Share on Twitter' functionality. It uses XAuth.
http://github.com/st3fan/iphone-twitter
For future visitor's, here's the link on twitter request form for enabling XAuth, and some more support options:
https://support.twitter.com/forms/platform
Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but whether anyone can advise a solution for my issue.
I want to allow users to login to my site via their LinkedIn/Twitter/Facebook account once logged in say via LinkedIn they could also then authorise their Twitter and Facebook account as a optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result.
I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates.
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
Any ideas or issues to this issue?
If you are using ASP.NET MVC, DotNetOpenAuth is an excellent solution for supporting OpenID/OAuth sites. StackOverflow is using it, and they are quite picky for the code they use in the site.
The integration if OpenID with DotNetOpenAuth is quite straightforward. I have not tried OAuth, but I don't expect it to be of any less quality.
Unfortunately, Facebook does not support OpenID/OAuth, so you need to use a different solution for it. The one I use is Clarity Consulting's Facebook Developer Toolkit. It works, although I do have certain complaints about the quality of the code; unfortunately I haven't found anything better yet. (Note: If anyone knows a better alternative, by all means let me know)
The basic integration of Facebook Connect with the Facebook Developer Toolkit is also relatively straightforward. However, their object model is somewhat messed up, due to their attempt to stay as close to the Facebook APIs, so the HTTP API patterns are bleeding through a lot. Still, it does the work.
Update: Now that Facebook announced that they'll be supporting OAuth 2.0, DotNetOpenAuth might turn out to be the best solution.
Have you looked into RPX?
https://rpxnow.com/
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
I'm afraid you'll have to connect the user's account to each of the 3 services individually. What platform are you using to build your app? If it's Ruby, then a gem like OmniAuth looks promising.