I'm sure this has been asked thousands of time, but I can't locate where so I'll ask it anyway.
I'm in the early stages of implementing a web app which uses Twitter (and Facebook) as authorising agents for the user to login. There is currently (currently in the design) no direct user login (i.e. no username/password combo for my site) just authorisation via the two largest social media sites. This is done in order to simplify the sign-up process (three click and your signed-up one and your logged in, and no additional password to remember) and add to the sites security (fb and twitter's security system is better then I could design). As I say I'm in the early stages, but I thought it's prudent to think ahead and so I was brainstorming an API (what data could I expose to third parties, could I take payments/sales and make payments etc.) and hit a snag. Since I'm not allowing users to have their own passwords for the site and all logins are via oAuth (I don't know if FB call it oAuth, but the workflows the same) how do I allow third parties to log users in? I can't provide them my tokens (Even I'm not that insane), and I've got a feeling using my server as an proxy to pass the oAuth data back and forward would be against the rules (or just not work) as it feels like something I would ban to prevent phishing. So how do I allow users to login to my site via twitter (and for a bonus point facebook) using third party apps (mobile, desktop, web etc.) Thanks in advance -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk