Brief us your requirements below, and let's connect
1101 - 11th Floor
JMD Megapolis, Sector-48
Gurgaon, Delhi NCR - India
1st floor, Urmi Corporate Park
Solaris (D) Opp. L&T Gate No.6
Powai, Mumbai- 400072
#12, 100 Feet Road
Banaswadi,
Bangalore 5600432
UL CyberPark (SEZ)
Nellikode (PO)
Kerala, India - 673 016.
Westhill, Kozhikode
Kerala - 673005
India
Sign in with Twitter can be implemented OAuth based. We will now discuss how to obtain the access token for sign in flow. It is essential that users should know about OAuth 1.0a protocol before going through this article. If you want to know how to sign a request, read the Authorizing a request page in Twitter.
In Order to check the signing of the requests on this page, the consumer secret is:
L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOgAbove value has been disabled and will not work for real requests.
Table of Contents
1. Obtaining Request Token
In order to start the Sign in flow, the application you created must obtain a request token by sending a message to POST oauth/request_token. The unique parameter in this request is oauth_callback, this must be a URL encoded version of your URL where your user should be directed when they complete step 2.
Twitter-sign-in-oauth-1_0
An example request:POST /oauth/request_token HTTP/1.1 User-Agent: <span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">themattharris'</span> HTTP Client Host: api.twitter.com Accept: */* Authorization: OAuth oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F", oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456", oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318467427", oauth_version="1.0"During this process, your application will validate the HTTP status of the response. The values other than 200 indicates failure. The body of the response will contain the oauth_token, oauth_token_secret, and oauth_callback_confirmed parameters. Your application will ensure oauth_callback_confirmed is true and hence it sores the other two values for future reference.
Example response:
HTTP/1.1 200 OK Date: Thu, 13 Oct 2011 00:57:06 GMT Status: 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 146 <span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">Pragma</span>: no-cache Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Vary: Accept-Encoding Server: <span class="GINGER_SOFATWARE_correct">tfe</span> oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0& oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI& oauth_callback_confirmed=true2. Redirecting User
This step involves directing user to Twitter to complete the appropriate flow (as mentioned in Browser sign in flow). Direct user to GET oauth/authenticate, request token obtained from Step 1 should be passed as the oauth_token parameter. For a website, this method can be implemented with the conventional HTTP 302 redirect as the response to the original “sign in” request. Soon, mobile and desktop apps will open a new window or direct the URL via an embedded web view.
Twitter-sign-in-oauth-2_0
Example URL to redirect to:https://api.twitter.com/oauth/authenticate?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0Three ways of Sign in Endpoint behavior based on the user’s status:
Signed in and approved:
If the calling application already approves the user while signing in Twitter, they will authenticate immediately and returned to the callback URL with a valid OAth request token.Signed in but not approved:
If the calling application did not approve the user while signing in Twitter, a request to share access with the calling application will be shown. Once this authorization request is approved, the user will be redirected to the callback URL with a valid OAuth request token.Not Signed In:
In this case, the user will be prompted to enter their credentials and grant access for application to use/access their information. After signing in, the user will be redirected to the callback URL with a valid OAuth request token.Lets see the states of the Sign in interaction
After successful authentication, callback_url receive a request containing oath_token, oauth_verifier parameters. Now your application verifies that token matches with request token (received in step1)
Request from client’s redirect
GET /sign-in-with-twitter/? oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0& oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY HTTP/1.1 Host: <span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">localhost</span> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.5 (KHTML, like Gecko) Chrome/16.0.891.1 Safari/535.5 Accept: text/html<span class="GINGER_SOFATWARE_correct">,</span>application/xhtml+xml<span class="GINGER_SOFATWARE_correct">,</span>application/xml<span class="GINGER_SOFATWARE_correct">;</span>q=0<span class="GINGER_SOFATWARE_correct">.</span>9<span class="GINGER_SOFATWARE_correct">,</span>*/*<span class="GINGER_SOFATWARE_correct">;</span>q=0<span class="GINGER_SOFATWARE_correct">.</span>8 Referer: http://localhost/sign-in-with-twitter/ Accept-Encoding: gzip<span class="GINGER_SOFATWARE_correct">,</span>deflate<span class="GINGER_SOFATWARE_correct">,</span><span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">sdch</span> Accept-Language: en-US<span class="GINGER_SOFATWARE_correct">,</span>en<span class="GINGER_SOFATWARE_correct">;</span>q=0<span class="GINGER_SOFATWARE_correct">.</span>8 Accept-Charset: ISO-8859-1<span class="GINGER_SOFATWARE_correct">,</span><span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">utf</span>-8<span class="GINGER_SOFATWARE_correct">;</span>q=0<span class="GINGER_SOFATWARE_correct">.</span>7<span class="GINGER_SOFATWARE_correct">,</span>*<span class="GINGER_SOFATWARE_correct">;</span>q=0<span class="GINGER_SOFATWARE_correct">.</span>33. Conversion Of Request Token To An Access Token
In order to render the request token to access token, the application must make a request to POST oauth/access_token endpoint containing the oauth_verifier value obtained in step 2. The same request token is also passed in the oauth_token portion of the header.
twitter-request-token-to-an-access-tokenAn example request:
POST /oauth/access_token HTTP/1.1 User-Agent: <span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">themattharris'</span> HTTP Client Host: api.twitter.com Accept: */* Authorization: OAuth oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", oauth_nonce="a9900fe68e2573b27a37f10fbad6a755", oauth_signature="39cipBtIOHEEnybAR4sATQTpl2I%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318467427", oauth_token="NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0", oauth_version="1.0" Content-Length: 57 Content-Type: application/x-www-form-urlencoded oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBYThe successful response contains the oauth_token, oauth_token_secret parameters. These should be stored and used for future authenticated requests to the Twitter API.
Example response:
HTTP/1.1 200 OK Date: Thu, 13 Oct 2011 00:57:08 GMT Status: 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 157 <span class="GINGER_SOFATWARE_noSuggestion GINGER_SOFATWARE_correct">Pragma</span>: no-cache Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Vary: Accept-Encoding Server: <span class="GINGER_SOFATWARE_correct">tfe</span> oauth_token=7588892-kagSNqWge8gB1WwE3plnFsJHAZVfxWD7Vb57p0b4& oauth_token_secret=PbKfYqSryyeKDWz4ebtY3o5ogNLG11WJuZBc9fQrQoLooking for a good team
for your next project?Contact us and we'll give you a preliminary free consultation
Contact Us Now!
on the web & mobile strategy that'd suit your needs best.
Advanced Techniques for SEO in Single Page Applications (SPAs)
Posted on Oct 15, 2024 | Digital MarketingSearch Google or Type a URL: Which is Better ?
Posted on Apr 30, 2024 | Digital MarketingYouTube Analytics: 15 Metrics to Track Performance
Posted on Apr 22, 2024 | Digital Marketing