开发者

Understanding OAuth and client sessions

问答 作者:

I'm learning about OAuth with the开发者_运维知识库 goal of allowing visitors to my website the ability to sign in with Twitter. I've been using the Python based oauth2 library as a learning tool, and I think I get most of it.

I understand that after the user authenticates with the service (Twitter in this case) the user is sent to the callback URL with the parameters oauth_token and oauth_verifier.

What I fail to understand is the proper way of storing this information in the users browser. How do I identify these values during subsequent requests? Am I required to create a session system as with a normal website, or is there some magic in OAuth that makes this unnecessary?

How you handle client sessions of people who visit your website is not covered by OAuth, that remains up to you (and the usual session management frameworks).

All OAuth does is tell you that the user really is the Twitter user he claims to be. You can then associate this piece of information with the user session on your site (just like you would if the login screen was on your own page).

there are two types of oauth_token and oauth_verifier in twitter API

first is request token that always come different on each process, that can be save into session using getRequestToken method

i m telling in PHP view , but logic are same in any language /

* Get request token */
$request_token = $connection->getRequestToken(OAUTH_CALLBACK);

/* Save request token to session */
$_SESSION['oauth_token'] = $token = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];

another is accesstoken: that is retrived via getAccessToken method 

 $access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);

Array
(
    [oauth_token] => 223961574-mEctH7SHai######
    [oauth_token_secret] => G7Buyxn4okF31Ln3ulAh#####
    [user_id] => 223961574
    [screen_name] => ltweetl
)

these token are same which is in your registered application on twitter

and already given at below page...

http://dev.twitter.com/apps/{your_app_id}/my_token.

继续阅读:oauthtwitter

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9