Reauthorization via twitter

Z

Zubchick2010-12-21 22:11:45

User identification

Zubchick, 2010-12-21 22:11:45

How to organize re-authorization through twitter? That is, the user has already given access to the application 1n time, done business and logged out. Now he enters again, presses the "login" button and obviously does not want to get to the page confirming the legality of our application's actions again, but wants to immediately log into the system. So how do you organize it?

I don’t want to store secret and key in cookies, because it’s somehow unsafe, are there any other ways? Twitpic, for example, logs in without question the user who is currently logged into twitter (unless, of course, confirmation has already been given for the twitpic account), there is a suspicion that he is looking at twitter.com cookies.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

Kakysha, 2010-12-21
@Zubchick

Well, in this case, nothing depends on Twitter. His job is to give you oauth_secret and oath_key, and then you can either store it or not store it. Accordingly, a request encrypted using these keys is sent - it means it is logged in, a request is sent without keys - deny. Therefore, the question of where to store the keys is already yours, and encoding them (read - logged in) or not signing the request with them (read - logged out) is your task.
To begin with, specify what you are writing on and what exactly is required, otherwise I concluded by the word "cookies" that you authorize on your site. Yes?