Get the user id of a user from an access token


#1

Hello,

Let me explain my problem, currently I use LinqToTwitter to perform the authorization of a user.

I have the Connect Twitter button on my website, when the user click on it, an ajax request requests the method to perform authorization, the user is redirect to “https://api.twitter.com/oauth/authorize?oauth_token=” and then enter his login and password.
Once it’s done, it is redirect to the urlReferrer of my website and I receive the fields I need like username, userid, …

Then if the UserId of the social network user doesn’t match with any entries of my database I open a popup to ask for his email ( Email is a required field)

Then, once the email has been confirmed by the user, I have to connect him in our website by making an ajax request connectSocialUser(userid, avatar, accessToken).

For Google and Facebook I have put in parameter the access token and then request respectively these two urls :
https://graph.facebook.com/me?fields=id&access_token=
"https://www.googleapis.com/oauth2/v1/userinfo?access_token="
These two urls give me back the userid and by a simple comparison I can know that the user is the good one and not an usurper.

So my question is :
Is it possible to retrieve the userid of a user from the access token ?

If not how can I make this works?

Thank you a lot!


#2

The user’s ID is currently part of the access token string returned to you as part of the oauth/access_token response – but you shouldn’t rely on that being the case forever.

Instead, obtain the user’s ID and screen_name by issuing a request to account/verify_credentials with their access token once you’ve obtained it.


#3

Ok thanks for answer.

Moreover is there a field in the account/verify_credentials request which could provide me the status of connection of the user.

For example, once I have the AccessToken and AccessTokenSecret of the user, I can access his datas even if he is disconnected from Twitter. So my interrogation is to know if I can know the user is logged or not.

Thank you again.


#4

There’s not really a concept of logged in for a third party app and whether the user is logged in to twitter.com or not won’t be revealed through the API. The access token lets you work on behalf of the user for as long as the user allows your app access.