Does anyone have thoughts on this? :) Sorry to bump!
On Apr 15, 9:18 pm, Karate <quantumkar...@gmail.com> wrote:
> I am wanting to use @anywhere to allow users to log in to my website,
> but I am curious about how to implement proper security.
>
> Right now when a user hits the "Connect With Twitter" button on my
> website and signs in via the popup window, the button changes to say
> "Connected with Twitter". So far so good.
>
> I can then run things like:
>
> screenName = twitter.currentUser.data('screen_name');
>
> However, I want to be able to send the currentUser's id or Twitter
> username to my server to log them into my website as well. I want to
> check their id/username against my database, and store it if it
> doesn't exist, then log them in.
>
> So, the response that I get from running:
>
> twttr.anywhere(onAnywhereLoad);
>
> contains their username/id and some other information, but if I sent
> this to my server via JavaScript to log in, there's nothing stopping
> someone from making a fake request containing a different username to
> log in.
>
> With Facebook's Connect API I get a cookie set that I can then use
> with my secret to verify that the request is really from Facebook. Is
> there an equivalent of this in Twitter?
>
> Does this require me to use OAuth?
>
> Again, all I'm trying to do is allow users to sign in to Twitter via
> @anywhere on my site, then send their username/id to my server to log
> them into my application based on that username/id. I just need to be
> able to validate that the data being sent to my server (username/id)
> was really set by Twitter.
>
> Any thoughts?
>
> Thanks!
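
The kind of server-side check the quoted post asks about, as an added example that is not part of the original thread and not Twitter's or Facebook's code: the server accepts an identity only when it arrives with a signature it can recompute from a secret the browser never sees. The token format `<user_id>:<hex HMAC-SHA256>`, the secret and all function names are assumptions made for illustration.

```javascript
// Added example (Node.js). ASSUMPTION: the "<user_id>:<hex HMAC-SHA256>" token
// format and every name below are hypothetical, not a real provider's format.
const crypto = require('node:crypto');

// Constructed demo secret; a real one lives only in server-side configuration.
const APP_SECRET = 'constructed-demo-secret';

function sign(userId, secret) {
  return crypto.createHmac('sha256', secret).update(String(userId)).digest('hex');
}

// Stand-in for what the identity provider would issue after a successful sign-in.
function issueToken(userId, secret) {
  return `${userId}:${sign(userId, secret)}`;
}

// Returns the verified user id, or null when the token is malformed or forged.
function verifyToken(token, secret) {
  if (typeof token !== 'string') return null;
  const sep = token.lastIndexOf(':');
  if (sep <= 0) return null;
  const userId = token.slice(0, sep);
  const given = token.slice(sep + 1);
  // Strict shape check: numeric id, 64 lowercase hex characters of signature.
  if (!/^\d+$/.test(userId) || !/^[0-9a-f]{64}$/.test(given)) return null;
  const expected = Buffer.from(sign(userId, secret), 'hex');
  const actual = Buffer.from(given, 'hex');
  // Constant-time comparison so response timing does not leak signature bytes.
  return crypto.timingSafeEqual(expected, actual) ? userId : null;
}

// Core of a login handler: identity comes from the verified token only,
// never from a username or id field the client filled in itself.
function loginFromRequest(body, secret) {
  const userId = verifyToken(body.identity, secret);
  if (userId === null) return { ok: false, reason: 'invalid identity token' };
  return { ok: true, userId };
}
```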