I'm sure this has been asked thousands of time, but I can't locate
where so I'll ask it anyway.

I'm in the early stages of implementing a web app which uses Twitter
(and Facebook) as authorising agents for the user to login. There is
currently (currently in the design) no direct user login (i.e. no
username/password combo for my site) just authorisation via the two
largest social media sites.

This is done in order to simplify the sign-up process (three click and
your signed-up one and your logged in, and no additional password to
remember) and add to the sites security (fb and twitter's security
system is better then I could design).

As I say I'm in the early stages, but I thought it's prudent to think
ahead and so I was brainstorming an API (what data could I expose to
third parties, could I take payments/sales and make payments etc.) and
hit a snag.

Since I'm not allowing users to have their own passwords for the site
and all logins are via oAuth (I don't know if FB call it oAuth, but
the workflows the same) how do I allow third parties to log users in?

I can't provide them my tokens (Even I'm not that insane), and I've
got a feeling using my server as an proxy to pass the oAuth data back
and forward would be against the rules (or just not work) as it feels
like something I would ban to prevent phishing.

So how do I allow users to login to my site via twitter (and for a
bonus point facebook) using third party apps (mobile, desktop, web

Thanks in advance

Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to