Is it possible (and / or a good idea) to reuse OAuth tokens between applications?

I am working on an iPhone application that uses xAuth to log in to Twitter. The app also communicates with my own web service. Instead of supporting a user model inside the web service, I would just like to allow everyone who has already authenticated via Twitter to make requests.

The use case at a high level is as follows: the user logs in and interacts with Twitter through the application. They can also interact with my web service through the app. The web service itself never interacts with Twitter. Instead of supporting a separate authentication system on my side, I would like the server to say, “Well, if Twitter says you're @joshfrench, then you have access.”

I am not sure how I should check server-side requests. How do I transfer some authentication evidence from the mobile client to my web service? Can I send an existing Twitter token and check it from the server? Or somehow sign the request with my Twitter credentials? Is this even a valid use of OAuth?

1 answer

If you store the application key and Twitter secret key in both your iPhone application and your server, and then somehow transfer the user token (also called the "access token") key/secret from the iPhone application to the server, then you can make the same kind of API calls from the server.

    require 'oauth'

    # Application ("consumer") key and secret issued by Twitter, held by the server.
    # The site option stands in for the options elided in the original snippet.
    consumer = OAuth::Consumer.new(app_key, app_secret, site: 'https://api.twitter.com')
    # The user's token key and secret, handed over from the iPhone app.
    access_token = OAuth::AccessToken.new(consumer, user_key, user_secret)
    # Any signed call the app could make, now made from the server.
    response = access_token.get('/stuff.xml')

So, is it okay to transfer this information from the application to the server? If you do it securely, and in line with what the user expects of how the application works, then this is a perfectly fine use of OAuth.

Perhaps this is not allowed by Twitter's terms of service; I could imagine there being something that says you can't transmit the user's access secret over the network, or some such thing. (General wild speculation; I don't think it is particularly likely in this case.)

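The question raises two ways of getting authentication evidence from the phone to the web service: hand the server the user key/secret so it can sign its own calls (the answer above), or have the phone sign a request and let the server check it. Both rest on the same OAuth 1.0a HMAC-SHA1 signing step, and the second option (the phone signs GET account/verify_credentials and the service forwards only the Authorization header to Twitter, so the token secret never leaves the device) is usually the safer of the two. The following is an added example written for this page, not code from the question, the answer or the oauth gem: it implements the RFC 5849 signature base string and HMAC-SHA1 signature, builds the client header, and plays the verifier that holds the secrets (Twitter in the forwarding case, or the web service if it was given the secret), including the timestamp-window, nonce-replay and constant-time signature checks a verifier needs. All credentials are constructed throwaway values, the helper names are the editor's own, and nothing touches the network.

```ruby
require 'openssl'
require 'base64'
require 'securerandom'
require 'cgi'

# Bytes that RFC 5849 section 3.6 leaves unencoded; everything else becomes %XX.
UNRESERVED = [*'A'..'Z', *'a'..'z', *'0'..'9', '-', '.', '_', '~'].join.bytes.freeze

def oauth_escape(str)
  str.to_s.each_byte.map { |b| UNRESERVED.include?(b) ? b.chr : format('%%%02X', b) }.join
end

# Signature base string: METHOD & encoded URL & encoded, sorted "k=v&k=v" of
# every query and oauth_* parameter (the signature itself is never included).
def signature_base_string(method, url, params)
  normalized = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
                     .map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, oauth_escape(url), oauth_escape(normalized)].join('&')
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret"; both secrets are needed,
# so whoever verifies must hold them (Twitter, or a server the secret was given to).
def hmac_sha1_signature(base_string, consumer_secret, token_secret)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base_string))
end

# Client side (the phone): produce the Authorization header. Only the header
# travels to the web service; the token secret stays on the device.
def build_authorization_header(method, url, query_params, consumer, token,
                               nonce: SecureRandom.hex(16), timestamp: Time.now.to_i)
  oauth_params = {
    'oauth_consumer_key' => consumer[:key], 'oauth_nonce' => nonce,
    'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => timestamp.to_s,
    'oauth_token' => token[:key], 'oauth_version' => '1.0'
  }
  base = signature_base_string(method, url, query_params.merge(oauth_params))
  sig = hmac_sha1_signature(base, consumer[:secret], token[:secret])
  'OAuth ' + oauth_params.merge('oauth_signature' => sig)
                         .map { |k, v| %(#{oauth_escape(k)}="#{oauth_escape(v)}") }.join(', ')
end

def parse_authorization_header(header)
  raise ArgumentError, 'not an OAuth header' unless header.start_with?('OAuth ')
  header.delete_prefix('OAuth ').split(', ').each_with_object({}) do |pair, acc|
    k, v = pair.split('=', 2)
    acc[CGI.unescape(k)] = CGI.unescape(v.to_s.delete('"'))
  end
end

# Constant-time comparison so the verifier does not leak the signature byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verifier side: what Twitter does when the forwarded header reaches
# verify_credentials, and what the web service itself could do if it held the
# user secret (the approach in the answer above). Returns [true, token] or
# [false, reason]; seen_nonces is the verifier's replay cache.
def verify_signed_request(method, url, query_params, header, consumer_secret,
                          token_secrets, seen_nonces, now: Time.now.to_i, window: 300)
  fields = parse_authorization_header(header)
  return [false, 'unsupported signature method'] unless fields['oauth_signature_method'] == 'HMAC-SHA1'
  ts = Integer(fields['oauth_timestamp'], exception: false)
  return [false, 'stale timestamp'] if ts.nil? || (now - ts).abs > window
  nonce_key = [fields['oauth_consumer_key'], fields['oauth_nonce'], fields['oauth_timestamp']]
  return [false, 'replayed nonce'] if seen_nonces.include?(nonce_key)
  token_secret = token_secrets[fields['oauth_token']]
  return [false, 'unknown token'] if token_secret.nil?
  presented = fields.delete('oauth_signature').to_s
  expected = hmac_sha1_signature(signature_base_string(method, url, query_params.merge(fields)),
                                 consumer_secret, token_secret)
  return [false, 'bad signature'] unless secure_equal?(presented, expected)
  seen_nonces << nonce_key
  [true, fields['oauth_token']]
end

# End-to-end with constructed throwaway credentials (not real Twitter keys):
# the phone signs GET verify_credentials, the service forwards, the verifier checks.
def demo
  consumer = { key: 'example-app-key', secret: 'example-app-secret' }
  token = { key: 'example-user-token', secret: 'example-user-token-secret' }
  url = 'https://api.twitter.com/1.1/account/verify_credentials.json'
  header = build_authorization_header('GET', url, {}, consumer, token)
  verify_signed_request('GET', url, {}, header, consumer[:secret],
                        { token[:key] => token[:secret] }, [])
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In the forwarding design the web service never calls verify_signed_request itself; it relays the header to Twitter and trusts Twitter's answer, which is why the user's screen name comes back from Twitter rather than from anything the phone asserted. The replay cache and timestamp window matter in either design: a captured Authorization header is otherwise reusable for as long as the token lives, so whichever party does the verifying has to reject repeats.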

Source: https://habr.com/ru/post/1347267/
