Hi Scott,

There's an extension to OAuth that our team developed for this purpose -- while it's not incredibly widespread, it's a viable way to defer credentials.

Check out http://dev.twitter.com/pages/oauth_echo -- the docs are very Twitter-centric in this case, but the model can really be generalized to any API that has a distinct credential validation method (and even if it doesn't, you can piggy-back onto an alternate method).

@episod <http://twitter.com/episod> - Taylor Singletary

On Tue, Apr 26, 2011 at 1:01 PM, Scott Herbert <scott.a.herb...@googlemail.com> wrote:

> I'm sure this has been asked thousands of times, but I can't locate
> where so I'll ask it anyway.
>
> I'm in the early stages of implementing a web app which uses Twitter
> (and Facebook) as authorising agents for the user to login. There is
> currently (currently in the design) no direct user login (i.e. no
> username/password combo for my site) just authorisation via the two
> largest social media sites.
>
> This is done in order to simplify the sign-up process (three clicks and
> you're signed up, one and you're logged in, and no additional password to
> remember) and add to the site's security (fb and twitter's security
> system is better than I could design).
>
> As I say I'm in the early stages, but I thought it's prudent to think
> ahead and so I was brainstorming an API (what data could I expose to
> third parties, could I take payments/sales and make payments etc.) and
> hit a snag.
>
> Since I'm not allowing users to have their own passwords for the site
> and all logins are via oAuth (I don't know if FB call it oAuth, but
> the workflow's the same) how do I allow third parties to log users in?
>
> I can't provide them my tokens (Even I'm not that insane), and I've
> got a feeling using my server as a proxy to pass the oAuth data back
> and forward would be against the rules (or just not work) as it feels
> like something I would ban to prevent phishing.
>
> So how do I allow users to login to my site via twitter (and for a
> bonus point facebook) using third party apps (mobile, desktop, web
> etc.)
>
> Thanks in advance
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
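
The receiving side of the OAuth Echo model mentioned in the reply, as an added example that is not part of the original thread or Twitter's own code. The two header names come from the OAuth Echo documentation linked above; the pinned endpoint URL, `verify_echo`, `EchoRejected` and the injected `fetch` callable are assumptions made for illustration.

```python
# Added example: delegator-side check for OAuth Echo (not code from the thread).

# Assumption: the single verification endpoint this site trusts.
TRUSTED_PROVIDER = "https://api.twitter.com/1/account/verify_credentials.json"


class EchoRejected(Exception):
    """The delegated credentials could not be trusted."""


def verify_echo(headers, fetch):
    """Validate an OAuth Echo request and return the provider's user id.

    headers: headers received from the third-party app.
    fetch:   hypothetical injected callable(url, authorization) -> (status, dict)
             that performs the HTTPS GET, so the logic is testable offline.
    """
    h = {k.lower(): v for k, v in headers.items()}
    provider = h.get("x-auth-service-provider", "")
    auth = h.get("x-verify-credentials-authorization", "")

    # Exact match only: the caller chooses this header, so a prefix or
    # substring test would let it point verification at its own server.
    if provider != TRUSTED_PROVIDER:
        raise EchoRejected("untrusted service provider")
    # The value is forwarded as an Authorization header; refuse anything that
    # is not an OAuth header or that could smuggle extra header lines.
    if not auth.startswith("OAuth ") or "\r" in auth or "\n" in auth:
        raise EchoRejected("malformed delegated authorization")

    status, body = fetch(TRUSTED_PROVIDER, auth)
    if status != 200 or "id" not in body:
        raise EchoRejected("provider did not vouch for these credentials")
    # Key local accounts on the provider's stable id, not the screen name.
    return str(body["id"])


if __name__ == "__main__":
    # Constructed sample: a stub provider that accepts one header value.
    good = 'OAuth oauth_consumer_key="k", oauth_token="t", oauth_signature="s"'
    stub = lambda url, a: (200, {"id": 42}) if a == good else (401, {})
    print(verify_echo({"X-Auth-Service-Provider": TRUSTED_PROVIDER,
                       "X-Verify-Credentials-Authorization": good}, stub))
```

The third-party app never hands over the user's tokens: it only forwards a header it signed for the provider's verification URL, and the site replays that header to the pinned endpoint.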