Hi there, In most cases for native clients on iPhone, Android, Blackberry, and so on, developers prefer to use xAuth <http://dev.twitter.com/pages/xauth> for token negotiation. To use xAuth, you need permission from Twitter which you can inquire for by emailing a...@twitter.com with verbose details about your application(s), screen shots of it in action, and so on.
If your service already supports Twitter outside of the mobile app space, and you already provide an auth mechanism for your service that is not Twitter (for example, a username/password combo) then you might want to require your users to log in that way into your application, then send the appropriate access token you already have for the user downstream to the client application. Likewise for upstream -- if you need users to initiate a relationship between your service and Twitter on the mobile device itself, you'd make that negotiation happen on the device, then send the access token upstream to your servers for use in the core service. Another approach that can ultimately offer you a greater level of flexibility (at the cost of some greater maintenance costs) is to use separate API keys for each platform your application is featured on (iPhone, Android, web, etc.), re-negotiating Twitter auth in each platform as an action the user is deliberately taking in the context of that device. You'd then send access tokens upstream to your servers and maintain a mapping of the user's various Twitter access tokens in respect to the device that the use. Finally, we always prefer you to use the standard OAuth flow as opposed to xAuth. You can use dynamic callback URLs to target application-specific URIs and simplify the web-based OAuth dance greatly. This approach frees you from the stress & responsibility of directly collecting a username and password. Taylor @episod <http://twitter.com/episod> - Taylor Singletary - Twitter Developer Advocate On Thu, Mar 17, 2011 at 11:47 AM, jdjaramillo <jdjarami...@gmail.com> wrote: > Hello, > > we have a website where the users can currently connect their Twitter > accounts and update their tweets automatically by interacting with our > site. Now we are building an iPhone, Android and Blackberry app which > should allow the user to connect his account to the same Twitter APP. > > We currently have the app set as "web" with a regular callback URL. Is > it possible to authenticate on the mobile apps using the same app but > without having the user open a browser window? How can we do this? > > thanks, > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
