在Facebook& Twitter-存储凭据 [英] Sharing Items from your Application on Facebook & Twitter - Storing Credentials

问题描述

如果您有一个Web应用程序，它将允许用户选择共享在Facebook和Twitter上的活动，我想知道什么是在您的应用程序中构建社交身份验证的正确方法(以及与Facebook内联的内容)和Twitter政策)，以便您可以在自己的墙上发推文和发布.

If you have a web application that will allow the users to opt-in to sharing their activity on Facebook and Twitter I'm wondering what is the right way to architect that social authentication into your application (and what is inline with Facebook and Twitter policies) so that you can tweet and post on your wall.

您是否将用户名和密码存储在数据库中?
然后使用这些凭据调用社交API.到目前为止，据我所知，这两个API都使您可以执行OAuth重定向操作.他们是没有对话交互的一种方法，因为您现在无论如何都存储了用户名和密码.

Do you store the users username and password in your database?
And then call the social APIs with these credentials. From what I have learned so far both these APIs make you do an OAuth redirect thing. Is their a way to do that without the dialog interaction since you now have stored the username and password anyways.

不确定这是否是一个问题，但是对于要在两者上共享的用户，您是否必须在下一个之后立即进行两次OAuth握手，然后再发布到Facebook，然后发布到Twitter. 并且每次用户共享内容时，您都必须这样做吗?

Not sure if this is an issue, but do you have to do two OAuth handshakes one right after the next to post to Facebook and then Twitter for those users that want to share on both.
And would you have to do this each and every time the user shares something?

我刚刚启动了TweetDeck，不需要通过与Twitter的一些交流来重定向.糊涂了.

I just launched TweetDeck and I wasn't required to get redirected through some exchange with Twitter. Confused.

对于基于Web的应用程序，仅需要大多数人的操作方式"方面的帮助和指导即可. 提示越少，重定向越少.

Just need some help and guidance with "how most people do it" for web-based applications. The less prompting and less redirects the better.

推荐答案

我认为存储用户名和密码不是一个好方法，因为我认为大多数用户会反对您将这些用户名和密码保留在文件中.我尚未对Twitter进行任何工作，但是在Facebook上，您需要创建一个应用程序，然后要求用户授予您的应用程序权限.这些权限要求用户必须登录Facebook才能正常工作，除非您请求offline_access许可.根据我的经验，您要求的权限越少，就会有更多的用户愿意授予您这些权限.我的方法是始终要求获得使该应用程序正常运行所需的最低权限.授予您的应用权限后，每次您要与用户的Facebook帐户进行交互时，都需要获取OAuth令牌. (据我所知，这些令牌可以使用约60分钟.)存储这些令牌无济于事，因为它们会过期.希望这能为您指明正确的方向.

I don't think storing the username and password would be a good way to go since I think most users would object to you keeping thiere usernames and passwords on file. I have not done any work with Twitter, but on Facebook you need to create an App and then ask the user to grant your app rights. These rights require the user to be loged in to Facebook in order to work, unless you request the offline_access permmission. From my experience, the fewer permmissions you request, the more users will be willing to grant you these permmissions. My approach is to always request the minimal permmissions I need to get the App to work. After granting your App permmissions, you need to get an OAuth token each time you want to interact with the user's Facebook account. (These tokens are good for about 60 minutes, as far as I remember) Storing these tokens will not help, since they expire. Hope this points you in the right direction.

这篇关于在Facebook& Twitter-存储凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！