Is Facebook/Twitter using oAuth for their own apps?

Are services like Facebook and twitter using the same oAuth mechanism for their own (mobile) apps as the rest of us? Or are the using some kind of "special mode" in开发者_StackOverflow中文版 oAuth which bypasses the permissions stuff etc. ?

Would really like to know how they are authenticating their users.

Facebook is not using oauth and have special login/private API for their own purposes. Only Facebook is 1st class citizen for these APIs and they don't need to bother with public APIs.

Facebook's iPhone,Android,etc apps can log users in directly with username and password and create a new Facebook session directly, but other apps using the API need to use Oauth to get a user access token

If you're using android or iphone SDKs, this can be without the user needing to log in again, they simply need to authorise the app in a dialog, which is rendered by the Facebook app and uses the session created by the Facebook-supplied app

yes, they use oAuth

Twitter oAuth

Facebook oAuth

Facebook Connect is based on OAuth 2.0. In OAuth 2.0. SSL is required while signatures are not required for the actual API calls once the token has been generated. It has only one security token.

Twitter uses 1.0a. OAuth 1.0 requires client to send two security tokens for each API call, and use both to generate the signature.