Twitter OAuth callback issues for web widget
Our website lets users create small widgets that can be embedded on other third party sites. When an end-user interacts with our widget on some site, we want to post a twitter update on his/her behalf and then display a message to the user on the widget itself(provided the twitter update was successful). We've been using the twitter api with basic auth to do this(we asked the user for their username and password within the widget itself). Now that twitter has moved to OAuth exclusively, we have created a twitter app to use the OAuth API.
Now, one way开发者_运维知识库 to go about this is to register our twitter app as a client app(instead of a browser app). For this, the possible flow is that we ask the user to goto a url(link click and opens in a new window) and then authenticate on twitter,give permission to our app and come back to the widget and enter the pin that twitter provides. this is cumbersome.
The other way is to register the app as a web app. Once the user authenticates and gives perms(in the new window opened as a link click), we ask twitter to redirect to our own custom url with the access token and other info(needed to tweet for the user). So, tweeting should work fine. But, how do I notify the widget(running within an iframe in the original window) whether the tweet was successful or not ?
I can think of a polling based solution, but there has to be a better way, right ?
Also, I cannot use window.open (instead of a link with href = and target = _blank) because browsers treat them as popups and block them.
There are 2 options (one of which I personally use).
- You can store the fact that it was just authenticated with the token in a Session (in the callback script/page), and in your iframe page have a javascript timer checking another script (via AJAX) whether the Session has been set or not - if it has, then the iframe will know that it's successful. 
- The second option is to do the same thing, except check the database if it's been stored or not (not using Sessions). 
I recommend doing the 1st option though.
 
         加载中,请稍侯......
 加载中,请稍侯......
      
精彩评论