So, I have been reading into the whole OAuth stuff the recent days, trying to find something to help me authenticate with twitter. Since most of the topics in this forum pointed to Ben Gottliebs Framework I tried to include it in my TestApp which went fine.
Inserting my tokens, logging in went easy. Next thing I wanted to do, was using my own login screen. So I have to replace the Webview which is used with my own (e.g.) UIView.
The thing is, I couldn't find out how to do that. I have absolutely no idea at what point 'interfere' since everything is so obscure (on purpose?)...
So my questions are:
1) Has anyone approached the issue in any way and can you give me a hint on what there is to do?
2) Is is generally ok to change the framework in that way? I couldn't find anything which would prohibit me of doing that...
The whole idea behind OAuth is that you don't provide the login screen. That way, the user doesn't have to give you his password. Instead, he is taken out of your app temporarily, passed to Twitter (or Facebook, or whatever), authenticated with them, and then Twitter (or Facebook, or whatever) gives you a token that you can use for as long as the user still gives you permission to use it.
That all being said, Twitter does actually provide a way for you to customize your own login screen, called xAuth. However, you need special permission from Twitter to get access to create an xAuth app.
Information about xAuth: http://dev.twitter.com/pages/xauth
Another Question about this: #iPhone : how to create twitter + OAuth custom login in our application
Related
I have an packaged app in the Chrome Web Store that I'd like to transition from a paid app to a free one with in app purchases. I need to be able to detect if the current user had paid for the app previously.
To be able to use the licensing API, I need the current user's OpenID URL. I was able to get this to work using chrome.identity and a popup dialog that the user has to authorize. But it is a bad experience and kind of a scary dialog.
For hosted apps, it's possible to get the user's OpenID URL without any user interaction or authorization. (see How to skip the OpenID approval screen). It would be fantastic if somebody knows how to make this work without user interaction for packaged apps.
I've detailed some of the approaches I've tried on this chromium-apps thread. I suspect it may be possible to do this with chrome.identity.launchWebAuthFlow but I wasn't able to discover the exact incantation of parameters to google's oauth/openid endpoints to make this happen silently.
I think you need to refer to this Link1 Parameters
this parameters are different techniques using that you can do this task..
also To bypass the Login/approval screen refer this link2
Here in the section How to skip the OpenID approval screen the details are explained which you can use..
And In case of packaged app this should ask for permanent permission that will help in OAuth throughout the life of app..
Client Library JavaScript Based
Authentication using Library
After your comment I thought this you can bind in your app.!!
Let me know what works for you..
In our project, we want to give the user the option to only fill out one login screen, then the app should check many social networks for this email & password combination and log the user in accordingly.
However, the problem we are facing is with oAuth, which only allows for default login screen.
I heard about it would be possible for Twitter when getting a xAuth certificate from them (hard to get ?)
How's about facebook, linked in ?
Anyone knows how to get this done ?
Thanks, we are stuck with this already for a while.
Most challenging issue you have is the most of the service provider be it OpenID/OAuth enabled will not let you search there system with what you are trying to access.
Even some of the system like Twitter/LinkedIn never give you back user email id they treat it as a security issue (Though they call it as design specifications :))
So i am afraid it is possible.For getting XAuth for Twitter
To use xAuth, send a request to api#twitter.com with plenty
of details about your application and why xAuth is the best choice for it.
here are more details
XAuth Twitter
But even twiter XAuth is almost same as OAuth.XAuth is still in its early stage.One way is to ask user for the email and than based on the domain redirect user to the particular system and let user authorize themself, but personally that is kind of heck and not a good solution at all.
Why user will fill his username and password of other service in your login screen?? don't you think that's something beat the whole idea of security
I've been trying to get this to work for a while, but I've apparently missed something.
All I want is to have the latest 3 or so posts from my clients Facebook page to populate and animate in a screensaver that I am building using Flash (AS3).
So far, every time I try to bring anything in, it requires a complete oAuth login and account link, but it's only a one way exchange (read-only, absolutely no writing, posting or even linking, since it's a screensaver) I'm not even sure the client wants pictures or anything.
I am currently trying to use the facebook-actionscript-api, but there isn't an option for the "App Login" type of Authentication that would solve most of my problems.
I'm at wits end and about to have to tell my client it can't be done. At least they'll always have twitter...
I don't think it is possible to get facebook feeds without an accesstoken (even if they are public). So I guess you need to define an app within Facebook and add login stuff to your app so users can give permission to your app for basic access.
Maybe this article offers some help: http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html
I want my users to be able to login or register on my Site using their Facebook-Account. Could be either like the user clicks the "Login using Facebook"-Button and is automatically logged in, while his data is saved to the db or he clicks "Login using Facebook" and gets my register-page filled with his data from Facebook.
I already tried the Facebook-register, but I think it doesn't solve the problem for me, because I don't want to change my entire register-dialog to Facebook. I want it additionally.
I managed to generate the "Login using Facebook"-Button using the Java-API. I also managed to get user-data via FQL using the PHP-API. But then I run into huge problems with the token.
I guess I read the (poor) documentation on FB-Developers for 20 times now. The Tutorials I found where either outdated or treat other cases. Besides that seemingly everyone uses another way to access FB.
Does anybody know an easy way to realize that and could clearly explain which functions, APIs, ... to use? Especially I feel like I still haven't totally understood that token-thing.
If someone is stuck with the same problems... For me it helped a lot to drop the JAVA-API and only rely on PHP.
See as well this tutorial: http://thinkdiff.net/facebook/php-sdk-graph-api-base-facebook-connect-tutorial/ (It's also a bit outdated, therefore you have to delete the call to the getSession-Method.)
Does anyone know if it is possible to create our own user interface for Facebook connect instead of having to use FBLoginDialog?
If YES, how?
IF NO, can I format FBLoginDialog to have the look that I want just like the FBStreamDialog (POST message to wall)?
Any suggestion would be highly appreciated.
The FB authorization process is based on OAuth, and the whole idea is that users should never have to give you their user name or password. If you implement your own login interface, that means all information users type in is passed through your code, and that would mean that you break the intention of OAuth, even if you could get it to work (which is not very easy).
An alternative is to modify the appearance of the page by running some Javascript code on the FB web page after it has been loaded from the network. (You'd do that using -[UIWebView stringByEvaluatingJavaScriptFromString]) But even though this is possible, like taskinoor I don't think it's a good idea, because the main thing is that users should feel confident that it the FB page and nothing else that they are typing their info into.
It's in fact not possible for iPhone users to be sure that you haven't faked the whole web view, but at least you shouldn't try to make them suspicious.
I'm not sure whether it can be done or not. But the thing is you most probably should not try to change this. The reason is many user (including me) won't put password if the login page is not from FB. Though I agree that this decision is highly depended on the designer.