Log in to Twitter via a Jetpack
23 views
Skip to first unread message
David Bruant
May 20, 2013, 5:51:36 PM5/20/13
to mozilla-la...@googlegroups.com
Hi,
I've started writing an addon to add some metrics to the Twitter Web UI.
This addon generates metrics that are meant to be relative to the
"current" user. So I need to log the user to access the Twitter API [1]
(I could get the info by hacking the Twitter web UI, but don't feel
that's a good idea)
I need to do OAuth authentication. I feel this should be common enough
to have a Jetpack module somewhere, but I haven't found any. Is there
one you know about (or another Jetpack that does Twitter authentication
by another mean)?
Thanks,
David
[1] https://dev.twitter.com/docs/api/1.1
I've started writing an addon to add some metrics to the Twitter Web UI.
This addon generates metrics that are meant to be relative to the
"current" user. So I need to log the user to access the Twitter API [1]
(I could get the info by hacking the Twitter web UI, but don't feel
that's a good idea)
I need to do OAuth authentication. I feel this should be common enough
to have a Jetpack module somewhere, but I haven't found any. Is there
one you know about (or another Jetpack that does Twitter authentication
by another mean)?
Thanks,
David
[1] https://dev.twitter.com/docs/api/1.1
Mark Hammond
May 20, 2013, 10:55:27 PM5/20/13
to mozilla-la...@googlegroups.com
There is an "oauthorizer" package we developed a couple of years ago
that did some nasty hacks to get oauth working purely in the browser
(typically oauth will want to redirect to a server associated with the
api key) - the code here tries to catch that case and ignore the
redirect while still keeping the other end happy).
https://github.com/mozilla/oauthorizer
The details are now fairly vague to me, it doesn't look like there are
tests, and it looks like our attempt at converting to a jetpack wasn't
successful at the time (eg,
https://github.com/mozilla/oauthorizer/commit/340caf87d17730e3c4b4294c3f42317e8f790c66).
The only known consumer of this is the repo at
https://github.com/mozilla/fx-share-addon - which did do twitter oauth.
No idea how useful this will be, but I thought it worth mentioning...
HTH,
Mark
that did some nasty hacks to get oauth working purely in the browser
(typically oauth will want to redirect to a server associated with the
api key) - the code here tries to catch that case and ignore the
redirect while still keeping the other end happy).
https://github.com/mozilla/oauthorizer
The details are now fairly vague to me, it doesn't look like there are
tests, and it looks like our attempt at converting to a jetpack wasn't
successful at the time (eg,
https://github.com/mozilla/oauthorizer/commit/340caf87d17730e3c4b4294c3f42317e8f790c66).
The only known consumer of this is the repo at
https://github.com/mozilla/fx-share-addon - which did do twitter oauth.
No idea how useful this will be, but I thought it worth mentioning...
HTH,
Mark
Pelle Wessman
May 21, 2013, 5:12:48 AM5/21/13
to mozilla-la...@googlegroups.com
Since Twitter uses OAuth 1 and requires you to have your own consumer key and secret for your app you can't really implement this purely client side in javascript because there's simply no way that you can keep your consumer secret truly secret as required.
Some OAuth 1 implementations allows use of generic anonymous keys and secret to enable use in untrusted environments like a client side script and ordinary OAuth 2 since it doesn't really have any secrets have a standardized way in its standard on how to do client side OAuthing - sadly Twitter supports neither.
The only solution I can think of is that you create a server side API that you make your requests to Twitter through.
/ Pelle
Some OAuth 1 implementations allows use of generic anonymous keys and secret to enable use in untrusted environments like a client side script and ordinary OAuth 2 since it doesn't really have any secrets have a standardized way in its standard on how to do client side OAuthing - sadly Twitter supports neither.
The only solution I can think of is that you create a server side API that you make your requests to Twitter through.
/ Pelle
David Bruant
May 21, 2013, 10:54:09 AM5/21/13
to mozilla-la...@googlegroups.com, Pelle Wessman
Le 21/05/2013 11:12, Pelle Wessman a �crit :
I really wished I wouldn't need a server-side component... oh well...
Thanks for your answers Pelle and Mark,
David
> Since Twitter uses OAuth 1 and requires you to have your own consumer
> key and secret for your app you can't really implement this purely
> client side in javascript because there's simply no way that you can
> keep your consumer secret truly secret as required.
>
> Some OAuth 1 implementations allows use of generic anonymous keys and
> secret to enable use in untrusted environments like a client side
> script and ordinary OAuth 2 since it doesn't really have any secrets
> have a standardized way in its standard on how to do client side
> OAuthing - sadly Twitter supports neither.
>
> The only solution I can think of is that you create a server side API
> that you make your requests to Twitter through.
https://www.youtube.com/watch?feature=player_detailpage&v=bKweynM2xas#t=20s
> key and secret for your app you can't really implement this purely
> client side in javascript because there's simply no way that you can
> keep your consumer secret truly secret as required.
>
> Some OAuth 1 implementations allows use of generic anonymous keys and
> secret to enable use in untrusted environments like a client side
> script and ordinary OAuth 2 since it doesn't really have any secrets
> have a standardized way in its standard on how to do client side
> OAuthing - sadly Twitter supports neither.
>
> The only solution I can think of is that you create a server side API
> that you make your requests to Twitter through.
I really wished I wouldn't need a server-side component... oh well...
Thanks for your answers Pelle and Mark,
David
Reply all
Reply to author
Forward
0 new messages