
OAuth Token Differences between Facebook and Twitter/LinkedIn

This may very well be an offensively stupid question, but I can't find a quick and concise answer to it for the life of me. So here we go...

I am currently implementing Facebook, Twitter, and LinkedIn Post/Update/Share functionality within a C#/MVC4 web app. I have the appropriate Apps created on each social network, which a user of the web app can authorize (via the standard OAuth dialogues of each network), such that they can send a profile update to several/all networks with one click. I have completed development of this functionality and everything is working as designed; I am now in a phase of refactoring the code and the associated db schema (used for storing the necessary OAuth Tokens for the Apps and Users, extended User Info pulled from the particular network's API, Individual Post metrics, etc.), which is where I am left scratching my head.

Without further ado... the questions:

  1. Regarding OAuth Tokens for Apps: Why does Facebook only provide/require an "App Secret" whereas both Twitter and LinkedIn provide/require both a "Consumer Key" and "Consumer Secret"?

  2. Regarding OAuth Tokens for App Users: Why does Facebook only provide/require an "access token" whereas both Twitter and LinkedIn provide/require both an "access token" and an "access token secret"?

Is this simply due to a difference in the OAuth protocol versions implemented by Facebook (2.0 draft 12) vs Twitter and LinkedIn (1.0a), or is it something else completely?

Derek Wohlfahrt asked Nov 12 '22 14:11


1 Answer

Here are answers to your questions:

1. Facebook does provide both an App key and an App secret on registering an app as a Facebook developer.

2. Facebook uses OAuth 2.0, so it only provides an access token and a refresh token (the refresh token is only provided if you ask for offline access while specifying scopes). The access token has a validity of 1 hour; after that it gets invalidated, and you need to refresh it or get a new access token altogether.

This difference is due to the variation between OAuth protocol versions: OAuth 1.0/1.0a and OAuth 2.0.

Cris answered Nov 15 '22 06:11
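
Added example (not part of the original answer or of any network's SDK): a Python sketch of why the two protocol versions hand out different credentials. In OAuth 1.0a (RFC 5849) the consumer secret and the token secret together key an HMAC-SHA1 signature and are never sent with the request, while an OAuth 2.0 bearer token (RFC 6750) is itself sent on every call. The endpoint URL, keys, secrets, nonce and timestamp are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values, not real credentials or endpoints
URL = "https://api.example.test/1/statuses/update"
CONSUMER_KEY, CONSUMER_SECRET = "ck-sample", "cs-sample-secret"
TOKEN, TOKEN_SECRET = "tok-sample", "ts-sample-secret"
OAUTH_PARAMS = {
    "oauth_consumer_key": CONSUMER_KEY, "oauth_token": TOKEN,
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
    "oauth_nonce": "constructed-nonce-1", "oauth_timestamp": "1352700000",
}

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(str(s), safe="-._~")

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature (RFC 5849 section 3.4.2); url is assumed already normalized."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    # Both secrets form the HMAC key, so neither is ever put on the wire
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def oauth1_header(method, url, body, consumer_secret, token_secret):
    # The signature covers the oauth_* fields and the form body alike
    sig = oauth1_signature(method, url, {**OAUTH_PARAMS, **body},
                           consumer_secret, token_secret)
    fields = {**OAUTH_PARAMS, "oauth_signature": sig}
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

def oauth2_header(access_token):
    # RFC 6750 bearer usage: the token itself is the credential, nothing is
    # signed, so confidentiality and integrity rest entirely on TLS
    return f"Bearer {access_token}"

if __name__ == "__main__":
    body = {"status": "Hello from the web app"}
    print("OAuth 1.0a:", oauth1_header("POST", URL, body, CONSUMER_SECRET, TOKEN_SECRET))
    print("OAuth 2.0: ", oauth2_header("constructed-access-token"))
```

For the db schema this means the 1.0a token secret and the 2.0 access token both need protection at rest, but only the bearer token is exposed in transit if TLS is missing or broken.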