Thanks that looks exactly like what i was looking for

On Apr 26, 9:32 pm, Taylor Singletary <taylorsinglet...@twitter.com>
wrote:
> Hi Scott,
>
> There's an extension to OAuth that our team developed for this purpose --
> while it's not incredibly wide-spread, it's a viable way to defer
> credentials.
>
> Check outhttp://dev.twitter.com/pages/oauth_echo-- the docs are very
> Twitter-centric in this case, but the model can really be generalized to any
> API that has a distinct credential validation method (and even if it
> doesn't, you can piggy-back onto an alternate method).
>
> @episod <http://twitter.com/episod> - Taylor Singletary
>
> On Tue, Apr 26, 2011 at 1:01 PM, Scott Herbert <
>
>
>
> scott.a.herb...@googlemail.com> wrote:
> > I'm sure this has been asked thousands of time, but I can't locate
> > where so I'll ask it anyway.
>
> > I'm in the early stages of implementing a web app which uses Twitter
> > (and Facebook) as authorising agents for the user to login. There is
> > currently (currently in the design) no direct user login (i.e. no
> > username/password combo for my site) just authorisation via the two
> > largest social media sites.
>
> > This is done in order to simplify the sign-up process (three click and
> > your signed-up one and your logged in, and no additional password to
> > remember) and add to the sites security (fb and twitter's security
> > system is better then I could design).
>
> > As I say I'm in the early stages, but I thought it's prudent to think
> > ahead and so I was brainstorming an API (what data could I expose to
> > third parties, could I take payments/sales and make payments etc.) and
> > hit a snag.
>
> > Since I'm not allowing users to have their own passwords for the site
> > and all logins are via oAuth (I don't know if FB call it oAuth, but
> > the workflows the same) how do I allow third parties to log users in?
>
> > I can't provide them my tokens (Even I'm not that insane), and I've
> > got a feeling using my server as an proxy to pass the oAuth data back
> > and forward would be against the rules (or just not work) as it feels
> > like something I would ban to prevent phishing.
>
> > So how do I allow users to login to my site via twitter (and for a
> > bonus point facebook) using third party apps (mobile, desktop, web
> > etc.)
>
> > Thanks in advance
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to