Since basic auth has been deprecated, is the official android twitter app using OAuth?
It still asks for my userid & password & I'm wondering how they are retrieving the oauth token ?
Sounds like they could be using xAuth - http://dev.twitter.com/pages/xauth. It's an alternate method of authenticating via OAuth. xAuth access is restricted to approved applications, you can't use it unless Twitter says you can.
Android client is using oAuth for twitter for example.
User must login to twitter at least once through your app and get a key.
It can be used several times and you dont need to get a key again.
Related
I want to create a mobile app that can access a RESTful API that I will write. To access that API, I wanted to use Oauth2 to Authorize the mobile app.
Is this a valid use of Oauth? Or should I only be using an Authentication service?
Edit:
What I'm trying to make sure I understand is the context that Oauth should be used it. My idea was to validate a username & password then return an authorization token, then use that token as an API key for the mobile application.
You can defiently use oAuth for this.
I have a question concerning Facebook/Twitter authentication on mobile application when dealing with an API as the mobile application backend.
Currently, I'm developing an application on the 3 platforms Android, iOS and Windows Phone. These applications are linked to an API which handles basic authentication (sign up, sign in) and provide access to a remote database.
Now, I want to let my users to authenticate with their facebook or twitter account, but I don't really know what to implement on the applications, and what to develop on the API. Moreover, I want to keep my existing basic authentication feature in the case the user doesn't want to authenticate with his facebook account.
I've heard about omniauth and the facebook & twitter APIs, but this does not really answer what I have in mind.
First, I've thought to implement everything server-side. This way, the applications provide the API the email and password of the user's facebook account. The applications tell that these credentials should be use to authenticate through the facebook API and my API just does the job. However, if I have well understood the articles I've read, when we want to authenticate through facebook, we are redirected to the facebook website in order for the user to confirm that he confirm to grant access to his facebook account. This is not really convenient.
So, after reading this, I've thought that it would be better to handle authentication on the mobile apps: applications get the facebook access token, fetch information of the facebook profile and create an account with this data on my API. The problem here is that we don't have a password to create a valid account.
We only get a temporary access token when authenticating with facebook, so how do I create an account in my database with this information? How can I handle sign in with it? Should I store in database that the user account has been created with facebook data?
So, how to make facebook or twitter authentication in that case? What should I do on my applications and what am I expecting to do on the API?
I develop a web application with nodeJs. Most of the functions auth protected. I use Oauth2 (Google, Twitter) to authorize users to use the application.
I must create an Android application, what communicate with my backend over http after the user authenticated with Google account in the Android app.
What is the best practice for that?
I think OAuth2 would be good for this job. But how?
you can't really use oauth in this case. as this How can I verify a Google authentication API access token? explains, you should not share authentications.
Instead, you should have your mobile app use a separate authentication for backend requests. You could have them login once, generate some secret token you can store in the phone so they don't need to login each time. That token is protected by the google login anyway.
You might want to consider using PassportJS (in case you are using ExpressJS as your web application framework).
I'm using official Facebook Android SDK to integrate Facebook to my application. When it comes to authorize, the SDK use a custom dialog with Webview in it, loading facebook login page for user to enter username & password, this sounds OK.
However, when reading javadoc for the method "authorize" in Facebook.java (in the SDK package), I found that "Note that User credentials could be handled natively using the OAuth 2.0 Username and Password Flow, but this is not supported by this SDK"
How can I achieve this ?
Thanks in advance
Hum, I have not used the Facebook SDK yet, but I already coded communications with webservices based on OAuth 2.0 for the credentials; so my answer will not deal with Facebook specifically but with OAuth 2.0.
What you need to communicate with an OAuth webservice is first to get a token, in order to get it you need to give to the webservice your private developer key & password & your clients password & login.
I think that it is exactly what your documentation is talking about.
Note that good webservices provide an already written wrapper in order to do not have each developper rewritting the same wrapper.
If you need a wrapper example, look at Soundcloud Official Wrapper on github.
I have a mobile application and will like to have the authentication implemented either through the Application itself or through Facebook username and password.
For example, if I have username and password of Facebook then one can login into the Application. I don't want to integrate the facebook completely only the authentication part. Is this possible?
Hope to get a quick response.
Regards
Sunil
You can use de Facebook API, I used an implementation based on FBConnect for Android, but last thursday was released the Facebook SDK for Android, now that implementation would be more easy.
You can try to do this as in this project: http://code.google.com/p/triker/. Just don't ask for offline access in mobile app code (remove it from fb url get). When your backend get authcode You will know that user has FB account. If You wish You can exchange that code to auth token on server to get access to users data.