I want to integrate Twitter with my Android application. Can I do this using OAuth 2.0?
I have searched the internet but couldn't find any good explanation regarding this. If anyone has done this before, can you please guide me through this. I saw in a old post here that Twitter doesn't support OAuth 2.0.
Basically, no, Twitter still uses OAuth 1.0a for most parts of their backend. Since march however, they support the OAuth 2 client credentials flow for application-only authentication.
This means, if you:
have an application that only shows tweets from other users or stuff like that, you can get authorized using OAuth 2.
want any users to use your app to post tweets or do anything else on a user's behalf, you have to struggle with OAuth 1.0a.
You should check out the Twitter4J library, which abstracts most of the OAuth 1 hassle away from you.
This might be of interest:
"... we're releasing our application-only authentication scheme, based
on the OAuth 2.0 client credentials flow."
Posted to dev.twitter 2013-03-11 https://dev.twitter.com/blog/application-only-authentication (current: https://blog.twitter.com/developer/en_us/a/2013/application-only-authentication.html)
Related
I'm creating an Android application for my employee that will require the sales people to login using Okta authentication (I plan on using their authentication api). My question is on how to secure the WEB API my code will be calling from the android app. Should I use Okta's OAuth implementation to do this?
What I was thinking was if I use Okta's authentication (to have them login), I can also call the OAuth API to retrieve a token and then an access token. I could then lock down the API by checking the access token I received from Okta.
Do you think this is the best way to do this using Okta?
Thanks!
08/18/2016 update: we now have a Xamarin code sample available at https://github.com/raphaellondner-okta/okta-oauth-xamarin-android-customtabs
As of 08/18/2016, you will need a slightly modified version of IdentityModel.OidcClient (https://github.com/raphaellondner-okta/IdentityModel.OidcClient/tree/rl-pkce-secretless) to make it work with Okta and PKCE. Hopefully these proposed changes will make it to the master branch soon.
Original answer:
I suggest you take a look at our OAuth Android sample available at https://github.com/oktadeveloper/okta-openidconnect-appauth-sample-android (we leverage AppAuth to achieve both the authentication with Okta and the authorization using OAuth and our OAuth features).
We do not yet have a Xamarin sample available yet, but the general idea is to leverage the OAuth authorization code flow using an embedded browser to call the Okta /authorize endpoint, grab the code that's returned from Okta in the browser response url (as a fragment) and pass it on to your mobile app to exchange the code for an access token.
Our OAuth features are still in beta so if need access to them, please contact us at developers at okta dot com.
So i need to be able to use Oauth for the login part on my Android application(not for Twitter, google,etc...) it's a private application. The rest of the app uses rest services w/ the authenticated token.
Here basically i'm looking for any tips, a library or an article recommendation. Most of the articles i found are about how to login to Google's services and such.
Thanks,
Check this one: scribe It is pretty simple.
Here it is a list of libraries cited by the Oauth2.0 "authority":
oauth.net/2
I am building a REST based api for my Android app. I use access tokens and basic header authentication currently. Any suggestions to improve the authentication process?
I suggest to use the OAuth protocol to manage API authentication. You can read more about this protocol here: http://oauth.net/.
+1 ezimuel - "OAuth" is an excellent suggestion.
However, I was surprised to see the link Getting Started with the Tasks API and OAuth 2.0 on Android was deprecated.
Please check out these links:
Google Play Authorization: http://developer.android.com/google/play-services/auth.html (also uses OAuth 2.0)
Authenticating to OAuth 2.0 Services: http://developer.android.com/training/id-auth/authenticate.html
OAuth and REST in Android (1): http://simpleprogrammer.com/2011/05/25/oauth-and-rest-in-android-part-1/
OAuth and REST in Android (2): http://simpleprogrammer.com/2011/06/04/oauth-and-rest-in-android-part-2/
I'm using official Facebook Android SDK to integrate Facebook to my application. When it comes to authorize, the SDK use a custom dialog with Webview in it, loading facebook login page for user to enter username & password, this sounds OK.
However, when reading javadoc for the method "authorize" in Facebook.java (in the SDK package), I found that "Note that User credentials could be handled natively using the OAuth 2.0 Username and Password Flow, but this is not supported by this SDK"
How can I achieve this ?
Thanks in advance
Hum, I have not used the Facebook SDK yet, but I already coded communications with webservices based on OAuth 2.0 for the credentials; so my answer will not deal with Facebook specifically but with OAuth 2.0.
What you need to communicate with an OAuth webservice is first to get a token, in order to get it you need to give to the webservice your private developer key & password & your clients password & login.
I think that it is exactly what your documentation is talking about.
Note that good webservices provide an already written wrapper in order to do not have each developper rewritting the same wrapper.
If you need a wrapper example, look at Soundcloud Official Wrapper on github.
i am developing app.its having post message on facebook and twitter.i searched on net and got many example but i confused with twitter.
if i am using oath authentication how should i provide login screens for clients.many example
what i found just they are using consumer and secret key where i need to pass uname,pword
can you pl suggest me its very urgent to me
Thanks in advance
Aswan
Twitter using oAuth at present, so whatever api's you will get, they will open the official twitter login page in webview, so you cannot use your own login page for that, twitter does not want's that........Hope it help's youGood luck.......
I've done this using a WebView (to hold the login UI which comes from twitter.com) and Signpost for the OAuth authentication. There's a good example here.
However, this turned out to be a less than brilliant mobile user experience - WebView login screens just suck - so I switched to using XAuth instead of OAuth, which you have to apply to Twitter for. The benefit of doing that is that you can have your own custom login UI, which isn't web-based. Unfortunately Signpost doesn't yet support XAuth so I also changed to using a stripped-down version of JTwitter.
If you are interested in using Singpost and Android's HttpURLConnection to obtain access token based on username and password you can have a look at my post. I was referring to Twitter XAuth so that's should be what you looking for. It works for me.
http://3citydev.blogspot.com/2013/05/how-to-obtain-xauth-access-token-using.html