Re: [twitter-dev] Losing SessionUserId with oAuth!
I meant for setting the session and redirecting. On Fri, Apr 2, 2010 at 4:54 PM, Taylor Singletary < taylorsinglet...@twitter.com> wrote: > Don't use an overlay. The authorize screen must always be loaded as an > explicit browser window with the address bar clearly visible. This is > in both your user and application security's best interests. > > Taylor > > On Friday, April 2, 2010, Peter Denton wrote: > > I would suggest using a page overlay, vs opening a new browser window > (popup) via ajax. > > You can emulate the same experience for the user, without opening new > windows which can be blocked by browsers anyway. > > > > > > On Fri, Apr 2, 2010 at 4:34 PM, dvu714 wrote: > > > > Hello everyone, > > > > I have a web app where i want to integrate twitter to allow users to > > post tweets to their accounts. So when a user is logged in my site > > and wants to post a tweet, i open a new window redirecting to twitter > > oAuth with credentials. On the callback coming back to my site i am > > able to retrieve the auth_token, but i have just lost my user's > > session id. Tried putting the twitter oauth in an iframe with no luck > > either. > > > > So my question is, how would i retain my user's current session id in > > my system, while retrieving an auth token from twitter using oAuth to > > store for their current session on my site. > > > > Thanks > > > > > > -- > > To unsubscribe, reply using "remove me" as the subject. > > > > > > -- > Taylor Singletary > Developer Advocate, Twitter > http://twitter.com/episod >
Re: [twitter-dev] Losing SessionUserId with oAuth!
Don't use an overlay. The authorize screen must always be loaded as an explicit browser window with the address bar clearly visible. This is in both your user and application security's best interests. Taylor On Friday, April 2, 2010, Peter Denton wrote: > I would suggest using a page overlay, vs opening a new browser window (popup) > via ajax. > You can emulate the same experience for the user, without opening new windows > which can be blocked by browsers anyway. > > > On Fri, Apr 2, 2010 at 4:34 PM, dvu714 wrote: > > Hello everyone, > > I have a web app where i want to integrate twitter to allow users to > post tweets to their accounts. So when a user is logged in my site > and wants to post a tweet, i open a new window redirecting to twitter > oAuth with credentials. On the callback coming back to my site i am > able to retrieve the auth_token, but i have just lost my user's > session id. Tried putting the twitter oauth in an iframe with no luck > either. > > So my question is, how would i retain my user's current session id in > my system, while retrieving an auth token from twitter using oAuth to > store for their current session on my site. > > Thanks > > > -- > To unsubscribe, reply using "remove me" as the subject. > > -- Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Losing SessionUserId with oAuth!
Include a parameter that identifies the session in your callback URL. You can specify the callback in your request_token step and can include params, provides they are URL encoded and part of your callback URL. Loading the authorize step in an iframe or manipulating the OAuth sequence beyond its intent to provide a secure and consistent Twitter authorization experience in any way is not kosher. Taylor On Friday, April 2, 2010, dvu714 wrote: > Hello everyone, > > I have a web app where i want to integrate twitter to allow users to > post tweets to their accounts. So when a user is logged in my site > and wants to post a tweet, i open a new window redirecting to twitter > oAuth with credentials. On the callback coming back to my site i am > able to retrieve the auth_token, but i have just lost my user's > session id. Tried putting the twitter oauth in an iframe with no luck > either. > > So my question is, how would i retain my user's current session id in > my system, while retrieving an auth token from twitter using oAuth to > store for their current session on my site. > > Thanks > > > -- > To unsubscribe, reply using "remove me" as the subject. > -- Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod
Re: [twitter-dev] Losing SessionUserId with oAuth!
I would suggest using a page overlay, vs opening a new browser window (popup) via ajax. You can emulate the same experience for the user, without opening new windows which can be blocked by browsers anyway. On Fri, Apr 2, 2010 at 4:34 PM, dvu714 wrote: > Hello everyone, > > I have a web app where i want to integrate twitter to allow users to > post tweets to their accounts. So when a user is logged in my site > and wants to post a tweet, i open a new window redirecting to twitter > oAuth with credentials. On the callback coming back to my site i am > able to retrieve the auth_token, but i have just lost my user's > session id. Tried putting the twitter oauth in an iframe with no luck > either. > > So my question is, how would i retain my user's current session id in > my system, while retrieving an auth token from twitter using oAuth to > store for their current session on my site. > > Thanks > > > -- > To unsubscribe, reply using "remove me" as the subject. >