How to process multiple accounts with OAuth?

Question

I have an application that posts to multiple Twitter accounts by storing an array of usernames and passwords. Recently, Twitter updated their API so I have to authenticate using OAuth instead of storing credentials. How would I make the user authenticate for multiple Twitter accounts during a single process?

For example, I have a textbox with a submit button. When the user clicks on the submit button, I want the textbox value to post to user1, user2, and user3's Twitter account. This means they would have to be simultaneously logged into 3 accounts at the same time for this single click to work right? How is this possible?

PS -- I am doing this for Facebook too and is the same API / OAuth concept, which is why I tagged it with Facebook API as well.

Answer 1

The problem I'm having is that I can successfully oAuth once to the 3 social networks I need (FB, Twitter and Dropbox) but when I try to allow my user to oAuth another account for any of those networks the given social network is already logged in and doesn't present another dialog for the user to enter username/password to authorize that given account.

Hootsuite allows you to easily add multiple accounts for a given social network and every time you try to add a new account it seems to have successfully "forgotten" the previous login you've made to grant that access. E.g. I can successively enter three Twitter connections in Hootsuite without ever running into the issue I have above.

Any suggestions? Is there a way to let the social networks know that I just want to authorize but not necessarily login during the oAuth process?

Thanks!

AG3

Answer 2

The user doesn't have to be simultaneously logged into 3 accounts; but he does have to authorize your app thrice using different accounts.

See Twitter's OAuth FAQ - The access token does not expire. Once the user authorizes your app, you store the access token in your database. Then you just repeat the process all over again and store the next access token.

With Facebook, the tokens are short-lived, but you can request for the extended permission "offline_access". That would allow you to roughly achieve the same thing as twitter.