Re: [twitter-dev] Re: Verify user connect with @anywhere?
Shortly we'll be providing the logged in user's id along with a signature that will allow you to verify it is genuine. Stay tuned. On Wed, May 12, 2010 at 6:14 PM, Abraham Williams 4bra...@gmail.com wrote: I don't think it is officially supported as a public API but you can pull the twttr_anywhere cookie which contains an access token. https://api.twitter.com/1/account/verify_credentials.xml?oauth_access_token=xyz Abraham -- Dan Webb Front-end Engineer, Platform d...@twitter.com / @danwrong +1 415 425 5631
Re: [twitter-dev] Re: Verify user connect with @anywhere?
I don't think it is officially supported as a public API but you can pull the twttr_anywhere cookie which contains an access token. https://api.twitter.com/1/account/verify_credentials.xml?oauth_access_token=xyz Abraham On Fri, Apr 23, 2010 at 20:34, Karate quantumkar...@gmail.com wrote: Does anyone have thoughts on this? :) Sorry to bump! On Apr 15, 9:18 pm, Karate quantumkar...@gmail.com wrote: I am wanting to use @anywhereto allow users to login to my website, but I am curious about how to implement proper security. Right now when a user hits the Connect With Twitter button on my website and signs in via the popup window, the button changes to say Connected with Twitter. So far so good. I can then run things like: screenName = twitter.currentUser.data('screen_name'); However, I want to be able to send the currentUser's id or twitter username to my server to log them into my website as well. I want to check their id/username against my database, and store it if it doesn't exist, then log them in. So, the response that I get from running: twttr.anywhere(onAnywhereLoad); contains their username/id and some other information, but if I sent this to my server via javascript to login, there's nothing stopping someone from making a fake request containing a different username to login. WithFacebook'sConnect API I get a cookie set that I can then use with my secret to verify that the request is really fromFacebook, is there an equivalent of this in Twitter? Does this require me to use oAuth? Again, all I'm trying to do is allow users to sign in to Twitter via @anywhereon my site then send their username/id to my server to log them into my application based on that username/id. I just need to be able to validate that the data being sent to my server (username/id) was really set by Twitter. Any thoughts? Thanks! -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Verify user connect with @anywhere?
Does anyone have thoughts on this? :) Sorry to bump! On Apr 15, 9:18 pm, Karate quantumkar...@gmail.com wrote: I am wanting to use @anywhereto allow users to login to my website, but I am curious about how to implement proper security. Right now when a user hits the Connect With Twitter button on my website and signs in via the popup window, the button changes to say Connected with Twitter. So far so good. I can then run things like: screenName = twitter.currentUser.data('screen_name'); However, I want to be able to send the currentUser's id or twitter username to my server to log them into my website as well. I want to check their id/username against my database, and store it if it doesn't exist, then log them in. So, the response that I get from running: twttr.anywhere(onAnywhereLoad); contains their username/id and some other information, but if I sent this to my server via javascript to login, there's nothing stopping someone from making a fake request containing a different username to login. WithFacebook'sConnect API I get a cookie set that I can then use with my secret to verify that the request is really fromFacebook, is there an equivalent of this in Twitter? Does this require me to use oAuth? Again, all I'm trying to do is allow users to sign in to Twitter via @anywhereon my site then send their username/id to my server to log them into my application based on that username/id. I just need to be able to validate that the data being sent to my server (username/id) was really set by Twitter. Any thoughts? Thanks! -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en