Basically, it is suggested that you store the user's session and pick
it up again after the oauth sends the user back to your site.
So the question is: how to uniquely identify the user through the
callback?

Sending a variable along to twitter, and hoping it will come back,
apparently doesn't work.

What can you do?
According to Taylor:
"You can specify the callback in your request_token step and can
include params, provided they are URL encoded and part of your
callback URL."

a.k.a. you save the current user's session, you generate a callback
url which is unique (and identifies the user's session). When oauth
sends the user back to the site, it uses that url and you know exactly
what user you are dealing with. Then you load the user session you
stored for that user and you're back where you were: with a continued
session and authenticated user.

On Apr 3, 6:18 pm, dvu714 <dennisvu...@gmail.com> wrote:
> Correct, I am trying to pass in a variable and looking for that
> variable from the callback to reinitiate my session.  I am doing this
> because i am not able to retain current user's session.
>
> Currently after the callback from oAuth i lose my users session.  So
> the user session is set before the oAuth authentication, i open a
> window to redirect to oAuth, the user verifies, callback redirects
> back to my site losing previous session state.
>
> Just wondering how other folks are implementing oAuth while currently
> maintaining their current session.
>
> On Apr 3, 8:00 am, Peter Denton <petermden...@gmail.com> wrote:
>
> > Hey,
> > I think you might be trying to pass in a variable, and expect the oAuth
> > callback url to use that variable?
> > i.e. pass in a clientId of "123" and expect that the url returned will point
> > to somecallbackurl.com?auth_token_4566&clientId=123
>
> > What you want to do is:
> > a) set a session on your end
> > b) route the user through oAuth, and when they get back
> > c) pick up the session and perform a redirection on your end.
>
> > They shouldn't lose the session variable through the oAuth process. So all
> > you would need is some handling on the callback url you specified which
> > looks for the session you set and redirects the user accordingly.
>
> > Hope that helps.
>
> > On Fri, Apr 2, 2010 at 8:02 PM, dvu714 <dennisvu...@gmail.com> wrote:
> > > After the callback happens from twitter back to my site, my param is
> > > not included.
>
> > > I tried both appending a param to the http://twitter.com/oauth/authorize
> > > url
> > > and also my oauth_callback url when redirecting with no success.
>
> > > Only one querystring returns which is the auth_token from the
> > > callback.
>
> > > Is this because the callback url is defined in the twitter app
> > > settings?
>
> > > Thanks for the responses everyone
>
> > > On Apr 2, 4:51 pm, Taylor Singletary <taylorsinglet...@twitter.com>
> > > wrote:
> > > > Include a parameter that identifies the session in your callback URL.
> > > > You can specify the callback in your request_token step and can
> > > > include params, provided they are URL encoded and part of your
> > > > callback URL.
>
> > > > Loading the authorize step in an iframe or manipulating the OAuth
> > > > sequence beyond its intent to provide a secure and consistent Twitter
> > > > authorization experience in any way is not kosher.
>
> > > > Taylor
>
> > > > On Friday, April 2, 2010, dvu714 <dennisvu...@gmail.com> wrote:
> > > > > Hello everyone,
>
> > > > > I have a web app where i want to integrate twitter to allow users to
> > > > > post tweets to their accounts.  So when a user is logged in my site
> > > > > and wants to post a tweet, i open a new window redirecting to twitter
> > > > > oAuth with credentials.  On the callback coming back to my site i am
> > > > > able to retrieve the auth_token, but i have just lost my user's
> > > > > session id.  Tried putting the twitter oauth in an iframe with no luck
> > > > > either.
>
> > > > > So my question is, how would i retain my user's current session id in
> > > > > my system, while retrieving an auth token from twitter using oAuth to
> > > > > store for their current session on my site.
>
> > > > > Thanks
>
> > > > --
> > > > Taylor Singletary
> > > > Developer Advocate, Twitter http://twitter.com/episod

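The callback-parameter approach discussed in this thread, as an added example that is not code from any poster or from Twitter: the callback URL carries a random one-time reference to the stored session rather than the session id itself, so a leaked or replayed callback URL cannot be used to pick up someone's session. The names `CALLBACK_BASE`, `sid_ref`, `STATE_TTL` and the in-memory store are assumptions for illustration.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

CALLBACK_BASE = "https://example.com/twitter/callback"  # assumed app URL
STATE_TTL = 600  # seconds a pending authorization stays valid (assumed)

# Stand-in for a server-side store (database, cache): token -> record.
_pending = {}

def build_callback_url(session_id, now=None):
    """Create a one-time random token tied to the stored session and return
    the URL to send as oauth_callback in the request_token step."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, unlike a user id
    _pending[token] = (session_id, now + STATE_TTL)
    # urlencode() percent-encodes the value, as the callback URL requires.
    return CALLBACK_BASE + "?" + urlencode({"sid_ref": token})

def resolve_callback(url, now=None):
    """Return the session id for a callback URL, or None if the token is
    missing, duplicated, unknown, expired, or already used."""
    now = time.time() if now is None else now
    values = parse_qs(urlparse(url).query).get("sid_ref", [])
    if len(values) != 1:
        return None
    record = _pending.pop(values[0], None)  # pop makes the token single-use
    if record is None:
        return None
    session_id, expires = record
    return session_id if now <= expires else None

if __name__ == "__main__":
    cb = build_callback_url("session-abc", now=1000.0)
    # Constructed sample: the provider appends its own token parameter.
    returned = cb + "&oauth_token=CONSTRUCTED"
    print(resolve_callback(returned, now=1100.0))  # first use resolves
    print(resolve_callback(returned, now=1100.0))  # replay is rejected
```
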