I'm building an app where I want to allow users to be able to set up more than one twitter account with my application, so it would be best for me to be able to log them out of twitter before they add a new account so that they can enter their information for their new account and not just be forwarded back to my site because the user already has access with the account that they're logged in with. Others have said that it is not possible to log out a user with the twitter api, but I know that it is because hootsuite.com will log me out of my twitter account whenever I try to add a new one. Thanks!
ANSWERED
I found the solution. You cannot log the user out, but you can force them to log in to authorize your app. You just add the &force_login=true parameter to the end of your authorize url and you're good to go!
http://code.google.com/p/twitter-api/issues/detail?id=469
I found the solution. You cannot log the user out, but you can force them to log in to authorize your app. You just add the &force_login=true parameter to the end of your authorize url and you're good to go!
http://code.google.com/p/twitter-api/issues/detail?id=469
Related
Basically, I'd like my users to be able to register and log into my site using their Soundcloud accounts (much like Google or Facebook).
But I'm following the login flow from their docs (http://developers.soundcloud.com/docs#authentication), and I understand how to redirect them to the Soundcloud connect screen to authorize my app. And from that, I get a code that I can exchange for an access token. But after that the docs state this:
You should now store the access token in a database. Associate it with
the user it belongs to and use it from now on instead of sending the
user through the authorization flow.
So they're assuming that I already have registered users who then connect to Soundcloud through some other function of my app. But what I want, is for them to be able to create their account from their Soundcloud user info. I think this is initally possible, but when they return to log in again, I need that access token to identify them. But I can't get that access token without sending them through the auth flow again.
I'm guessing what I want to do can't be done, but it's also possible I'm overlooking something. Any help would be appreciated!
I've done this with IMGUR OAuth2 API. After you get the access token, make a new request to their /me endpoint. This way, you'll have the SoundCloud id for that particular user. Now you can check if you already saved this user in your database. If you have, just save the new token to make sure this user has granted your app access to their SoundCloud. I'm not sure if I were clear enough. Let me know if you need any further help .
I have a query that I want to set re-authentication in my website like this:
If i registered once in my website and link my account with twitter then next time I logged into the website I would not need to log in with twitter. It will be automatically connected with twitter.
You'll still need to authenticate with twitter each time, but you can save the users oauthtoken and oauthtoken secret to a mySQL database so you don't have to ask the user to authenticate manually. The keys, if you will, never expire. Your apps authentication can however be revoked by the twitter user. Here's a helpful tutorial on getting setup from scratch. Some of the first steps have changed, but "Registering users" section will be helpful to you.
I am always reading about Facebook and Twitter logins for someones website.
The integration using one of theses services is okay, but my questions is how can I access both API´s for one user.
Example:
User is logged in on my website (active session). Now he somehow has to grant me access to his user details etc. on facebook AND twitter. How do I realize that? I don´t want him/her to type in his facebook or twitter credentials everytime he logs in to get his access token (oAuth).
How do I get my own oAuth user access token after using my websites login, so I can interact with Facebook and Twitter´s API.
Is this correct?
Thank you very much, if you can help me.
Facebook
When someone logs into the Facebook account, they stay logged in until they actively log out.
The way to test for this is:
FB.getLoginStatus(function(response){
if response.status === 'connected'{
// The user is logged in
var access_token = response.authResponse.accessToken;
// Do whatever you need to do
} else {
// Get the user to log in
}
});
See here for more details:
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Twitter
The process is a little more complex for Twitter, but if you only want to display tweets, consider Web Intents.
Otherwise, follow these steps:
https://dev.twitter.com/docs/auth/3-legged-authorization
Both platforms have the ability to check whether or not the user is logged in first, so you shouldn't have to worry about someone having to log in every time they use your site. However, you cannot use the same oAuth token on both sites - you must get a separate one for each.
Each individual API will need a popup to authenticate, which will redirect to the appropriate api for authorisation, and then once you have the token after the authorisation redirects back to your popup.
You will then end up with a token that you can pass back to the calling page "window.opener" and store the token for that api in a Javascript variable by alling a Javascript funcation on the main page.
window.opener.getInstagramData("self", oauth_token);
Each authentication needs to have its own token and needs to be a button that the user should click on.
I am using this method to get Facebook, Twitter, LinkedIn Foursquare and GooglePlus account info.
Hope this helps.
So I am trying to let my customers login in with Twitter, and just twitter.
Twitter says "You should never store a password for your users again", but how am I going to reauthenticate my users with twitters API?
If I resend the user to twitter after they have deleted their session, twitter asks the user again if they want to give acces to my application.
Is it at all possible to have seamless intergration with twitter accounts without ever storing local user data?
EDIT
It seems that the question is not extremely clear. What I have experienced using for example http://forum.jquery.com/. They use OpenID. I click "Login with google". I get redirected to google. Google remebers I gave acces to Zoho once and instantly sends me back to forums.jquery.com, this time with an access_token for zoho to authenticate me with. I have no persistent data with Zoho. Yet they can log me in.
What twitter with OAuth does is the following. A user comes to my site, they click "Login with twitter" and get redirected to twitter.
Twitter asks them again whether they want to give the application access to their data. Instead of the immediate redirect google does.
Is it possible for twitter to immediatly redirect the user to me. Is there a setting for me I am overlooking.
Send users to https://api.twitter.com/oauth/authenticate instead of https://api.twitter.com/oauth/authorize. If the user is already signed into Twitter and has previously authenticated with your app they will be redirected without seeing an allow/deny prompt.
What you store from Twitter are the user's TOKEN and user's SECRET. Those values are issued by Twitter (or any oauth provider) when you are in the process of oauth authentication.
You can get the idea using this library in PHP:
https://github.com/abraham/twitteroauth
Or this one in Ruby:
https://github.com/jnunemaker/twitter
The process is quite straightforward once you tried with any real example. It is not difficult at all.
There are also some nice screencasts here:
http://railscasts.com/episodes/241-simple-omniauth
http://railscasts.com/episodes/235-omniauth-part-1
http://railscasts.com/episodes/236-omniauth-part-2
Have you actually read the API?
Read the getting started page, you don't store passwords you store access tokens for the user. And if you want people to log in and register your going to have to store some data ;-)
I had this problem exactly and solved it using setAuthorizedUrl method - for more details see here http://www.evilprofessor.co.uk/359-sign-in-with-twitter-using-zend-framework/
This tutorials might Helpful for you.
Twitter API connect using oAuth
Cristian comment is what I was looking for.
You have to save those values in any persistent storage, if not, your users will always need to go Twitter again.
Shame that twitter doesn't recognize that the users have already allowed my app and redirects automatically
I have a facebook application in my website. When someone is already logged in to my website, I have the offline_access of his facebook account, but when I put a like button, it always asks for login to facebook again.
Everything else works, like printing the posts, photos, etc. But the simple action of liking something, doesn't. How can I make it work using the php-sdk api?
I'm presuming that you have just used the like button code from here. What's happening when they click that button it's not going THROUGH your website but rather taking a bit with it to facebook. So it takes your URL to facebook and they do the whole posting bit... therefore if the client is not logged into facebook it'll ask them to login.
What you can do is use a curl posting script through your website and that should post whether they are logged into the facebook main site or not provided they logged in with the offline_access.
Please tell me if you need more information or if I have mis-interpreted what you meant.
Regards,
Jon
I guess you are misunderstanding the behavior of the offline_access permission:
Enables your application to perform
authorized requests on behalf of the
user at any time. By default, most
access tokens expire after a short
time period to ensure applications
only make requests on behalf of the
user when the are actively using the
application. This permission makes the
access token returned by our OAuth
endpoint long-lived.
This would mean, even if the user is logged off, your application will still have access to it's account BUT this DOES NOT mean that you can capture/monitor if the user is back on your website again until he is logged to his FB account again.
So offline_access will never know if the same user is currently on the page and "automatically" log him to his FB account!