So I want people to be able to login to the site via Twitter. For facebook I store the facebook id and the access token. In twitter from what I gather I need to store the twitter id, access token and secret token? Is that correct if I want to do things such as post to a twitter feed? Im using the twitter php sdk
I believe you only need the access token and the secret token (the twitter id is not required).
Actually, now that I think about it, since you are using Twitter for login, the Twitter id would be required too (for login purposes, not posting to Twitter).
See: Twitter API - Making a resource request on a user's behalf
Related
Hi is this possible to get access_token in instagram api without login.
I am using server side script that will receive a user name of instagram like "snoopdog" and then my script will get photos of snoopdog from instagram api. but when i am trying to generate access_token it is asking me to login on instagram.
i am using this url to get photos.
https://api.instagram.com/v1/users/1574083/media/recent?access_token=3160711211.5b9e1e6.3b523f746c7c487f8f63743f15e16180
But if i want to generate access_token every time i need to login ?
is there any other way to get offline access token ?
To get access token, you need to login and give permission to your client.
How do I extract my own Facebook information programmatically (without login dialog) using the PHP Facebook SDK.
Is there a way to feed facebook with my username and password and get back my profile information?
There are no endpoints for that. If you just want to extract your own info, why don't you use the graph Explorer: https://developers.facebook.com/tools/explorer
You can generate an Access Token with it, and then query for your data.
I'm building a very simple API using silex (php micro-framework).
I have an idea on how to authenticate user using Facebook connect or username / password.
I want to build this API to provide data to my mobile app. My API is using HTTPS.
The authentication with Facebook:
Facebook Connect happen on the mobile app
The mobile app is sending the user token and facebook_id to the API
The API check the user Facebook id requesting /me?token=...
The API check the Facebook app_id is correct /app?token=...
-> The user does exists and is authenticated
Now using login / password:
the mobile app send the username and encoded password
The API check the combinaison is correct
-> The user does exists and is authenticated
The question is about the user session. I don't really want to do this tests on every requests (ie. for Facebook auth there is 2 requests to Facebook).
I was thinking to open a session for the user and store some kind of API token. The token would be hashed and salted (salt + user_id + time delivered). I would store it in the session table and would only need to check that the token is still valid and belong to the requesting user.
So the mobile app would only send the user id + the api token for every request.
What to you think of it ? Do you thing of a better solution keeping it simple?
Or do you see any issue with this design?
Cheers,
Maxime
Facebook's authentication flows are based on the OAuth 2.0 protocol. More information about the protocol can be found here.
The flow follows these general steps:
Determine whether someone is already logged in.
If they aren't logged in, prompt them to do so (with a login dialog).
Exchange secure codes to confirm identity.
Generate an access token.
Once your client has obtained the access token, it should store that token. The client can then perform API requests on the user's behalf using the access token. So there's no need to follow the steps above again once you have the access token (unless that token has expired).
Facebook provides a number of SDKs for you to use, including a couple of mobile SDKs. I suggest you use an appropriate SDK for your mobile app. Implementing an OAuth 2.0 dialog with Facebook will be much easier than doing everything manually. Start reading here.
You can save the Facebook Id in the first user login. Then after check for active facebook user you can search and compare in Mysql for existent facebook Id.
I want to tweet on behalf of user with OAuth, but when user uses the application then tweet goes.
I wanna tweet on user's timeline when I want to. Is this possible?
This is the question that i hit my head on the wall for several days. But finally i got it.
TWITTER CONSUMER TOKEN
TWITTER CONSUMER SECRET
USER TOKEN
USER SECRET TOKEN
These are the things we need to post a tweet on behalf of user, and in this, TWITTER CONSUMER TOKEN and TWITTER CONSUMER SECRET should be created by the admin of the twitter app for whom/which requires permission to post on user behalf. And the USER TOKEN and USER SECRET TOKEN are the things that you need from user to post a tweet on his behalf. You can get this by using getRequestToken() function of OAUTH. To know how to use this function, please check redirect.php in twitteroauth written by Abraham here. And after getting USER TOKEN and USER SECRET TOKEN you can use your TWITTER CONSUMER TOKEN and TWITTER CONSUMER SECRET with the user's user token and user secret token received from the api to post on his/her behalf. Thats it!
But user can revoke the access anytime by visiting,
https://twitter.com/settings/applications and click on "Revoke Access" button next to your app.
With Twitter yes you can. When a user signs on your application via Twitter, just be sure to store their token and secret in a database for example, in order to authenticate as them in the future.
$twitter->setToken($_GET['oauth_token']);
$token = $twitter->getAccessToken();
$_SESSION['oauth_token'] = $token->oauth_token;
$_SESSION['oauth_secret'] = $token->oauth_token_secret;
Now store those Session variables and you are good to go. Note that $twitter is simply a wrapper class to work with Twitter's API.
I have made a php script for tweeting via API. Right now I added an app(say "MyTweets") in my twitter account and got secret and oAuth key. Now I want others to use it. Right now I have put hard coded Key and secret, how can I automate it so that use can 'Add' their twitter account in my application or atleast I can store their oAuth/Secret for automated use. I just don't want to add new apps every other twitter account.
go to the link below: https://dev.twitter.com/apps/new
Fill up the form then submit.
now you will get your oAuth user and Secret Key
See the API docs at Twitter. You're going to need to implement OAuth in your application so that the user can authenticate with Twitter and you get back the authentication token you use in your application.