开发者

Twitter oauth authorization in a pop-up instead of in main browser window

开发者 https://www.devze.com 2022-12-29 02:37 出处:网络
I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes:

I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes:

TweetMeme has a Re-tweet twitter widget tha开发者_运维知识库t publishers can place on their blogs. When a user clicks on the widget, it pops open a window which allows the user to authenticate themselves with twitter and then re-tweet.

This seems to use some special Twitter oauth popup form factor - unless there is something fancier happening under the surface to authenticate the user.

The pop-up window looks like this:

http://twitpic.com/1kepcr

I'd rather handle an authentication via a pop-up rather than send the user to a brand new page (for the app I'm working on) and they seem to have the most graceful solution. Thoughts on how they did this?


I think that the process is something like this (I assume that they have used php on server-side):

First it opens a jQuery-like popup, but it's not strictly related to twitter sign in functions. The real sign-in process begin when you confirm that popup, so it open new popup, with some php inside, that # hold a session. Those scripts ask to twitter the request tokens, using site's application params, and save them into $_SESSION array. If it's all-right, twitter send you to twitter authenticate page (https://twitter.com/oauth/authenticate), and after you have inserted your login params, twitter send you to the callback page defiend by that site. Here there is another php page that request access tokens, and save them into $_SESSION array. If it's all-right now the site has params that he needs for querying your profile, so last scripts inside popup refresh opener window (main site) and close himself. Now main window has all the interesting params inside $_SESSION array.

Check this useful library for all the server-side work.


All they're doing is opening a page http://api.tweetmeme.com/share?url=someURL&source=tweetmeme in a new window (using target _blank), then starting the process from there.

EDIT: I was looking at the wrong retweet button. For your specific example, clicking the retweet button first opens Tweetmeme page http://tweetmeme.com/ajax/partial?... in a new window. Clicking yes then initiates the OAuth process by sending you (still in that window) to https://twitter.com/oauth/authenticate (with appropriate parameters).

0

精彩评论

暂无评论...
验证码 换一张
取 消