Thanks that looks exactly like what i was looking for On Apr 26, 9:32 pm, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Hi Scott, > > There's an extension to OAuth that our team developed for this purpose -- > while it's not incredibly wide-spread, it's a viable way to defer > credentials. > > Check outhttp://dev.twitter.com/pages/oauth_echo-- the docs are very > Twitter-centric in this case, but the model can really be generalized to any > API that has a distinct credential validation method (and even if it > doesn't, you can piggy-back onto an alternate method). > > @episod <http://twitter.com/episod> - Taylor Singletary > > On Tue, Apr 26, 2011 at 1:01 PM, Scott Herbert < > > > > scott.a.herb...@googlemail.com> wrote: > > I'm sure this has been asked thousands of time, but I can't locate > > where so I'll ask it anyway. > > > I'm in the early stages of implementing a web app which uses Twitter > > (and Facebook) as authorising agents for the user to login. There is > > currently (currently in the design) no direct user login (i.e. no > > username/password combo for my site) just authorisation via the two > > largest social media sites. > > > This is done in order to simplify the sign-up process (three click and > > your signed-up one and your logged in, and no additional password to > > remember) and add to the sites security (fb and twitter's security > > system is better then I could design). > > > As I say I'm in the early stages, but I thought it's prudent to think > > ahead and so I was brainstorming an API (what data could I expose to > > third parties, could I take payments/sales and make payments etc.) and > > hit a snag. > > > Since I'm not allowing users to have their own passwords for the site > > and all logins are via oAuth (I don't know if FB call it oAuth, but > > the workflows the same) how do I allow third parties to log users in? > > > I can't provide them my tokens (Even I'm not that insane), and I've > > got a feeling using my server as an proxy to pass the oAuth data back > > and forward would be against the rules (or just not work) as it feels > > like something I would ban to prevent phishing. > > > So how do I allow users to login to my site via twitter (and for a > > bonus point facebook) using third party apps (mobile, desktop, web > > etc.) > > > Thanks in advance > > > -- > > Twitter developer documentation and resources:http://dev.twitter.com/doc > > API updates via Twitter:http://twitter.com/twitterapi > > Issues/Enhancements Tracker: > >http://code.google.com/p/twitter-api/issues/list > > Change your membership to this group: > >http://groups.google.com/group/twitter-development-talk
-- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk