Does anyone have thoughts on this? :) Sorry to bump!

On Apr 15, 9:18 pm, Karate <> wrote:
> I am wanting to use @anywhere to allow users to login to my website,
> but I am curious about how to implement proper security.
> Right now when a user hits the "Connect With Twitter" button on my
> website and signs in via the popup window, the button changes to say
> "Connected with Twitter". So far so good.
> I can then run things like:
> screenName ='screen_name');
> However, I want to be able to send the currentUser's id or twitter
> username to my server to log them into my website as well. I want to
> check their id/username against my database, and store it if it
> doesn't exist, then log them in.
> So, the response that I get from running:
> twttr.anywhere(onAnywhereLoad);
> contains their username/id and some other information, but if I sent
> this to my server via javascript to login, there's nothing stopping
> someone from making a fake request containing a different username to
> login.
> With Facebook's Connect API I get a cookie set that I can then use
> with my secret to verify that the request is really from Facebook, is
> there an equivalent of this in Twitter?
> Does this require me to use OAuth?
> Again, all I'm trying to do is allow users to sign in to Twitter via
> @anywhere on my site then send their username/id to my server to log
> them into my application based on that username/id. I just need to be
> able to validate that the data being sent to my server (username/id)
> was really set by Twitter.
> Any thoughts?
> Thanks!
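Added example, not part of the original thread: a server-side sketch of the kind of check the question asks for, where the server accepts an identity only if it carries a signature made with a secret the browser never sees. The token format (`user_id:hex HMAC-SHA256`), the `signIdentity`, `verifyIdentity` and `login` helpers, and the secret are assumptions for illustration, not Twitter's or Facebook's actual cookie format.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed value: secret shared by the identity provider and this server only.
const APP_SECRET = 'constructed-demo-secret';

// Hypothetical provider-side step, included so the example is self-contained:
// produces "<user_id>:<hex HMAC-SHA256 of user_id>".
function signIdentity(userId, secret) {
  const sig = nodeCrypto.createHmac('sha256', secret).update(String(userId)).digest('hex');
  return `${userId}:${sig}`;
}

// Server-side check: returns the verified user id, or null if the token is
// missing, malformed, or was not signed with our secret.
function verifyIdentity(token, secret) {
  if (typeof token !== 'string') return null;
  const idx = token.lastIndexOf(':');
  if (idx <= 0) return null;
  const userId = token.slice(0, idx);
  const sigHex = token.slice(idx + 1);
  // Strict shape checks also guarantee both buffers below are 32 bytes.
  if (!/^\d+$/.test(userId) || !/^[0-9a-f]{64}$/.test(sigHex)) return null;
  const expected = nodeCrypto.createHmac('sha256', secret).update(userId).digest();
  const given = Buffer.from(sigHex, 'hex');
  // Constant-time comparison avoids leaking how many signature bytes matched.
  return nodeCrypto.timingSafeEqual(expected, given) ? userId : null;
}

// Login handler sketch: the session identity comes only from the verified
// token, never from a username field the client sent alongside it.
function login(request, secret) {
  const userId = verifyIdentity(request.identityToken, secret);
  if (userId === null) return { ok: false, reason: 'identity not signed by provider' };
  return { ok: true, userId };
}

// Constructed sample requests.
const genuine = signIdentity('12345', APP_SECRET);
const forged = '99999:' + genuine.split(':')[1]; // different id, reused signature
console.log(login({ identityToken: genuine }, APP_SECRET)); // accepted
console.log(login({ identityToken: forged }, APP_SECRET));  // rejected
console.log(login({ username: 'someone_else' }, APP_SECRET)); // rejected: no signed token
```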