I am using twitterizer for posting tweets to a user's twitter account. It works fine but it is fully based on tokens (as you all know). This doesn't work in my case because Twitterizer redirects the user to the twitter page where the user logs and then using callbackurl the control is returned to our application.
My requirements are slightly different. I am storing user's twitter's account credentials in my database and then using those credentials I want to post the tweet.
Is this possible? So, in summary I don't want user to leave my site. They can configure their username and password in my application form and then I want to pick up those credentials and post a tweet.
Not sure about Twitterizer, but I believe you can register your app at twitter.com, do a one-time auth through OAuth, get and store the auth token, and use it permanently.
I can't speak from experience or authoritatively, but I believe storing their credentials in your DB is probably against Twitter's TOS.
See the OAuth FAQ for Twitter.
How long does an access token last?
We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.
AFAIK, twitter has stopped allowing that kind of functionality now. The only way to connect is by making use of twitter OAuth.
Related
I'm working on implementing ASP.NET C# Single Page Application + Web API with OWIN for Twitter.
So a quick summary:
The SPA client opens a popup window of the Web API that, via the OAuth/Owin-Twitter middleware, redirects the user to Twitter where he enters his username and password. Via back and forth of requests and responses, the Web API receives an authenticated access token from Twitter. The only reliable piece of data I have at this point is the access token.
So the question is:
Is there a way to verify an access token, that it was issued for such user and for such app/consumer?
After days of research, the only thing I have seen so far is:
GET account/verify_credentials
https://dev.twitter.com/rest/reference/get/account/verify_credentials
But thing is it requires a user context. I need a way that is workable with just an access token.
Any help would be greatly appreciated.
I am developing a project where I need to send tweets from my web applications. These tweets must be send via my account instead of user's account. The OAuth library forces us to show log-in screen which is not required in this case. I am looking for a way to log-in to twitter via my username and password (we are not asking user to submit username and password) and tweet a user activity or something...
the OOB/Pincode method is not feasible as well as it requires human interaction by entering pin code...
It could achieve if twitter have support for old authentication method (I believe Twitter no more support old auth method) .... Does anyone have idea how can I achieve this by OAuth or anything else?
I believe you need to use Twitter XAuth for this. It will allow you to generate a non-expiring access token for your application using a username/password. Once you have this you can dispose the username/password and use the token to authenticate further requests to the API.
If you want to send the tweets from the same account as the one your application is registered with, I believe you can also just use the access token provided in your app settings page. The documentation is here. You can skip down to the part where you have the OAuth token and need to sign the request.
I've provided an example of how to authenticate against Twitter using oAuth and the application access token here.
How can I authenticate with a username(email) and password? The samples provided just calls "authorizer.Authorize()" without credentials (which simply throws an "Invalid URI" format exception for me). Do I need an accessToken and if so, how do I get one?
You cannot authenticate with a username and password. You must use OAuth to authenticate a user. Facebook does not permit application developers to collect usernames and password from users.
This tutorial should help you: Getting Started with the Facebook C# SDK
I am not sure what you are trying to do exactly. But here is my experience and my knowledge of authentication.
In order to authenticate a user, you need a facebook application (specifically app id and server code), the user has to input their username and password and allows your app to access their data.
This authorization process will generate an access token that will your facebook app to access the user info. Note that this access_token expires often and in which case you need to authenticate again.
http://developers.facebook.com/docs/authentication/
Follow this youtube link and you might understand how you will get authenticated using ur website.
this will redirect you to facebook where you have to log in, so if you want a random user on ur site to authenticate they will be redirected to facebook log in if u use the code from this example:
Facebook Auth Example
Hope this is what your looking for m8!
I'm using C# to build some functionality for a website. They want to twitter a message to their account at the point when a new vacancy gets added to their website. I face the issue that when i try to do this using the OAuth token approach i have to grant access to the application everytime. I want this all to work automatically without the need for permission. Can i login the user and then just post a message or how do I approach this?
With OAuth you only need to get their permission once, and you can save the Access Token that Twitter returns to you and use it to act on behalf of the user as long as the user does not deny you permission to act on their behalf or the token hasn't expire. Twitter does not currently ever expire tokens see Twitter OAuth FAQ.
Just save the token along side the username in the database and use it to send post requests whenever you need to post to twitter.
Twitter puts it this way in this Transitioning from Basic Auth to OAuth Guide:
Prepare long-term storage for access tokens and secrets
Whatever your storage system may be, you'll need to begin storing an oauth_token and oauth_token_secret (collectively, an "access token") for each user of your application. The oauth_token_secret should be stored securely. Remember, you'll be accessing these values for every authenticated request your application makes to the Twitter API, so store them in a way that will scale to your user base. When you're using OAuth, you should no longer be storing passwords for any of your users.
I am totally lost finding the right API to create a sign up process like Foursquare. I am attaching a document of what I am trying to do. I have already tried OAuth, JavascriptSDK, Facebook.NET API from Codeplex and FacebookToolkit.NET from Microsoft. Nothing looks what I actually need. I think some one experienced can lean me towards where I should go straight.
https://docs.google.com/fileview?id=0B6mlBkccI34zNDNmMGMyNTYtMDY2NS00NmEwLTlkMjQtZjA5NmVmZDMzYzlj&hl=en&authkey=CNPH9LEL
Note: I am trying to achieve this via ASP.NET with C#.
Facebook Graph Api is the best.The url is http://developers.facebook.com/docs/api
The Graph API uses OAuth 2.0 for authorization. Check out the authentication guide for the details of Facebook's OAuth 2.0 implementation.
OAuth 2.0 is a simpler version of OAuth that leverages SSL for API communication instead of relying on complex URL signature schemes and token exchanges. At a high level, using OAuth 2.0 entails getting an access token for a Facebook user via a redirect to Facebook. After you obtain the access token for a user, you can perform authorized requests on behalf of that user by including the access token in your Graph API requests:
https://graph.facebook.com/220439?access_token=...
Check out the PHP example code or the Python example code on GitHub to see a complete example of obtaining an access token for the current user. The steps to obtain an access token are:
Register your application to get an app ID and secret. Your Facebook app ID is your client_id and your Facebook application secret is your client_secret.
Redirect the user to https://graph.facebook.com/oauth/authorize with your client_id and the redirect_uri. The redirect_uri parameter needs to begin with your app's URL. For instance, if your URL is http://www.example.com then your redirect URI could be http://www.example.com/oauth_redirect.
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect
After the user authorizes your application, we redirect the user back to the redirect URI you specified with a verification string in the argument code, which can be exchanged for an oauth access token. Exchange it for an access token by fetching https://graph.facebook.com/oauth/access_token. Pass the exact same redirect_uri as in the previous step:
https://graph.facebook.com/oauth/access_token?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect&
client_secret=...&
code=...
Use the access token returned by the request above to make requests on behalf of the user:
https://graph.facebook.com/me?access_token=...
You are looking for the Facebook Connect API.
More info for the single login process can be found here
You could also leverage OpenID
Your document notes the Yelp signup process, which is very low friction and allows the user's information to be available to the website without having to go through Facebook's authentication process.
Yelp, Microsoft Docs, and Pandora are using a feature of Facebook called Instant Personalization. Instant Personalization is not available to developers as of yet and is only available to those three partners.
That being said, you likely would need to use the Facebook Login Button to allow the user to grant you access to their information (including their friends list).
As far as the process of getting a list of friends, use the graph call "me/friends"
I manage FaceSharp, a .NET open source project to help people get started with Facebook Development and will be adding functionality similar to what you are looking to do in the future, perhaps some of that code will help you in your efforts. It's under the MIT license, so take whatever you want.