Hi Scott,

There's an extension to OAuth that our team developed for this purpose --
while it's not incredibly wide-spread, it's a viable way to defer
credentials.

Check out http://dev.twitter.com/pages/oauth_echo -- the docs are very
Twitter-centric in this case, but the model can really be generalized to any
API that has a distinct credential validation method (and even if it
doesn't, you can piggy-back onto an alternate method).

@episod <http://twitter.com/episod> - Taylor Singletary


On Tue, Apr 26, 2011 at 1:01 PM, Scott Herbert <
scott.a.herb...@googlemail.com> wrote:

> I'm sure this has been asked thousands of time, but I can't locate
> where so I'll ask it anyway.
>
> I'm in the early stages of implementing a web app which uses Twitter
> (and Facebook) as authorising agents for the user to login. There is
> currently (currently in the design) no direct user login (i.e. no
> username/password combo for my site) just authorisation via the two
> largest social media sites.
>
> This is done in order to simplify the sign-up process (three click and
> your signed-up one and your logged in, and no additional password to
> remember) and add to the sites security (fb and twitter's security
> system is better then I could design).
>
> As I say I'm in the early stages, but I thought it's prudent to think
> ahead and so I was brainstorming an API (what data could I expose to
> third parties, could I take payments/sales and make payments etc.) and
> hit a snag.
>
> Since I'm not allowing users to have their own passwords for the site
> and all logins are via oAuth (I don't know if FB call it oAuth, but
> the workflows the same) how do I allow third parties to log users in?
>
> I can't provide them my tokens (Even I'm not that insane), and I've
> got a feeling using my server as an proxy to pass the oAuth data back
> and forward would be against the rules (or just not work) as it feels
> like something I would ban to prevent phishing.
>
> So how do I allow users to login to my site via twitter (and for a
> bonus point facebook) using third party apps (mobile, desktop, web
> etc.)
>
> Thanks in advance
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to