I am using Scribe (OAuth1.0) as a mechanism so that users can use their Twitter account to authenticate to my GWT/GAE application.
According to https://dev.twitter.com/docs/auth/implementing-sign-twitter, there are 3 possible scenarios: a/ user is signed in and approved. In this case, Twitter should redirect the user transparently back to my application URL, b/ user is signed in but not authorized, or c/ user is not signed in.
When Twitter comes back to my application (the callback), I use the verifier parameter to read the user data from Twitter, which I use to determine the user in my application.
All of this works fine except for the following:
Scenario a/ is not working for me. Even though the user has already authorized my application to read his user data, Twitter seems not to remember this, and asks again to authorize access (scenario b/).
There are two URLs Twitter offers for applications requesting an OAuth token: /oauth/authenticate and /oauth/authorize. When an application directs users to the authorize endpoint, Twitter will request the user to authorize the application EVERY time they log in. The authenticate endpoint will request authorization once and then any subsequent log-ins to Twitter will seamlessly pass through to the application callback. This is more traditionally known as "signing in with your Twitter account".
In Scribe, the default is authorize - to change this to authenticate you need 2 things:
org.scribe.builder.api.TwitterApi.class: change this to org.scribe.builder.api.TwitterApi.Authenticate.class
Now your application will direct users to sign in to the /oauth/authenticate endpoint and, if they have authorized your application at least once, they will just get passed through.
Edit: Additional documentation - https://dev.twitter.com/docs/api/1.1#102
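The provider switch described in the answer, shown in a complete sign-in flow as an added example (not code from the original post or from the Scribe project). It assumes Scribe 1.3.x and the Servlet API; the class name, session attribute name, key placeholders and callback URL are hypothetical. The callback also checks that the returned oauth_token matches the request token stored in the session, so a verifier from a different sign-in attempt is rejected.

```java
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.TwitterApi;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class TwitterSignIn {
    // Placeholders (assumptions): supply your own consumer key/secret and callback URL.
    private static final String API_KEY = "YOUR_CONSUMER_KEY";
    private static final String API_SECRET = "YOUR_CONSUMER_SECRET";
    private static final String CALLBACK = "https://example.invalid/twitter/callback";
    private static final String SESSION_ATTR = "twitterRequestToken"; // hypothetical name

    private final OAuthService service = new ServiceBuilder()
            .provider(TwitterApi.Authenticate.class) // /oauth/authenticate, not /oauth/authorize
            .apiKey(API_KEY)
            .apiSecret(API_SECRET)
            .callback(CALLBACK)
            .build();

    /** Step 1: fetch a request token, bind it to the session, return the redirect URL. */
    public String beginSignIn(HttpServletRequest req) {
        Token requestToken = service.getRequestToken();
        req.getSession(true).setAttribute(SESSION_ATTR, requestToken);
        return service.getAuthorizationUrl(requestToken);
    }

    /** Step 2 (callback): exchange the verifier for an access token. */
    public Token completeSignIn(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        Token requestToken = session == null ? null : (Token) session.getAttribute(SESSION_ATTR);
        String returnedToken = req.getParameter("oauth_token");
        String verifier = req.getParameter("oauth_verifier");
        // Reject callbacks with no pending sign-in, no verifier (e.g. the user
        // declined), or an oauth_token that is not the one issued to this session.
        if (requestToken == null || verifier == null
                || !requestToken.getToken().equals(returnedToken)) {
            throw new IllegalStateException("Callback does not match a sign-in started in this session");
        }
        session.removeAttribute(SESSION_ATTR); // request tokens are single-use
        return service.getAccessToken(requestToken, new Verifier(verifier));
    }
}
```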