Does anyone have thoughts on this? :) Sorry to bump!

On Apr 15, 9:18 pm, Karate <quantumkar...@gmail.com> wrote:
> I am wanting to use @anywhere to allow users to login to my website,
> but I am curious about how to implement proper security.
>
> Right now when a user hits the "Connect With Twitter" button on my
> website and signs in via the popup window, the button changes to say
> "Connected with Twitter". So far so good.
>
> I can then run things like:
>
> screenName = twitter.currentUser.data('screen_name');
>
> However, I want to be able to send the currentUser's id or twitter
> username to my server to log them into my website as well. I want to
> check their id/username against my database, and store it if it
> doesn't exist, then log them in.
>
> So, the response that I get from running:
>
> twttr.anywhere(onAnywhereLoad);
>
> contains their username/id and some other information, but if I sent
> this to my server via javascript to login, there's nothing stopping
> someone from making a fake request containing a different username to
> login.
>
> With Facebook's Connect API I get a cookie set that I can then use
> with my secret to verify that the request is really from Facebook, is
> there an equivalent of this in Twitter?
>
> Does this require me to use OAuth?
>
> Again, all I'm trying to do is allow users to sign in to Twitter via
> @anywhere on my site then send their username/id to my server to log
> them into my application based on that username/id. I just need to be
> able to validate that the data being sent to my server (username/id)
> was really set by Twitter.
>
> Any thoughts?
>
> Thanks!
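
The server-side check the message asks about, sketched as an added example that is not part of the original post and is not Twitter's or Facebook's code: the identity arrives with a MAC computed under a secret the browser never sees, and the server recomputes it before logging anyone in. The `user_id:hex(HMAC-SHA256)` value format, the secret and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder; the real secret stays server-side, never in page JavaScript.
APP_SECRET = b"example-app-secret"


def sign_identity(user_id, secret=APP_SECRET):
    """Provider side (assumed): bind the user id to a MAC under the shared secret."""
    mac = hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{user_id}:{mac}"


def verify_identity(value, secret=APP_SECRET):
    """Return the verified user id, or None if the value is malformed or forged."""
    user_id, sep, presented = value.rpartition(":")
    if not sep or not (user_id.isascii() and user_id.isdigit()):
        return None
    expected = hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes: no timing hint about how much matched,
    # and no TypeError if the presented value contains non-ASCII characters.
    if not hmac.compare_digest(expected.encode("ascii"), presented.encode("utf-8")):
        return None
    return user_id


def login(value, users):
    """Store the user on first sight and log in, only after the MAC checks out."""
    user_id = verify_identity(value)
    if user_id is None:
        return None
    users.setdefault(user_id, {"id": user_id})
    return user_id


if __name__ == "__main__":
    users = {}
    genuine = sign_identity("12345")                  # constructed sample id
    forged = "99999:" + genuine.split(":", 1)[1]      # different id, reused MAC
    print("genuine ->", login(genuine, users))
    print("forged  ->", login(forged, users))
```

A bare username or id posted from the page carries no such MAC, so `login` has nothing to verify and refuses it.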
