开发者

is it possible to authenticate with oauth, on the iphone, without making the user enter a pin?

开发者 https://www.devze.com 2022-12-18 15:53 出处:网络
there is no practical way that i can see or have read about that lets you authenticate using oauth without making the user leave the app or ha开发者_如何学Pythonve to write the pin down before they ca

there is no practical way that i can see or have read about that lets you authenticate using oauth without making the user leave the app or ha开发者_如何学Pythonve to write the pin down before they can post an update..... is there maybe another Rest API that i missed?


Here is my code.... am i doing something wrong?

NSURL *requestTokenURL = [NSURL URLWithString:@"http://twitter.com/oauth/request_token"];

OAMutableURLRequest *request = [[OAMutableURLRequest alloc] 
initWithURL:requestTokenURL 
consumer:_consumer 
token:nil 
realm:nil 
signatureProvider:nil];

[request setHTTPMethod:@"POST"];
[request setOAuthParameterName:@"oauth_callback" withValue:@"myApp:"];
[request prepare];


OADataFetcher *fetcher = [[OADataFetcher alloc] init];

[fetcher fetchDataWithRequest:request
                     delegate:self
            didFinishSelector:@selector(requestTokenTicket:didFinishWithData:)
              didFailSelector:@selector(requestDidFail)];

}


Yup. What you can do is register a custom URI scheme with your application and use it in the oauth_callback parameter. This saves you from having to use out-of-band callback configuration, which requires the user to manually enter a verifier, as you describe.

Details on registering a custom URI scheme for your app here:

http://iosdevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html

Edited - Elaborating

Using a custom URI scheme, you can instruct an OAuth Service Provider to 'call back' to your iPhone application when a user authorizes a Request Token. This is an alternative to the cumbersome "out-of-band callback" workflow that requires a user to authorize a Request Token, and then be given a verifier code that they manually enter via your application. It is also more analogous to how Web Applications that use OAuth behave.

The steps involved in using a URI scheme would be the following:

  1. Using the above link as a guide, bind a custom URI scheme to your iPhone application (i.e. "myapp://").
  2. When requesting a Request Token from the OAuth Service Provider, provide a URI that uses your custom scheme as the value of the 'oauth_callback' parameter. For example, oauth_callback=myapp://oauth/callback
  3. When you get a Request Token, direct the user to the Service Providers authorization endpoint URL via the browser (launch Safari, send the user to http://example.com/oauth/authorize?oauth_token=token).
  4. If the user chooses to authorize the Request Token, the Service Provider will redirect them (usually via a 301 HTTP Status header) to the URI you provided in step # 2.
  5. Safari will recognize that the URI uses a scheme that is bound to your application and launch your app.
  6. When the callback is called (again, see the above linked guide for details) you will be able to exchange the authorized OAuth Request Token for an Access Token.
  7. Finally, with an Access Token you will be able to access Protected Resources from the OAuth Service Provider.

Does that make more sense?


this is why it wont work...

April 23, 2009 Deprecated (REST): Support for the oauth_callback parameter has been removed due to security vulnerability. (discussion)

you have to manually set the callback URL in your application settings

0

精彩评论

暂无评论...
验证码 换一张
取 消