First of all, it might be that I didn’t properly understand something, but I have already spent a few hours trying to figure out everything there is to this.
There’s a Single Page Application I am currently working on for a client. It’s built on Angular 4 (now 5), but it could be anything else … React.js or Vue.js for example, since the problem I am having is generally tied to SPA principles.
As I already found out, if my app wants to post on Twitter, on users’ behalf, it has to be done from the app’s backend. Basically, the OAuth authentication also has to be done from the server, because I must keep Client secrets on the server.
- When a User selects a Twitter channel from the app, the frontend part of my app is going to make a request to its backend, which in turn is going to craft a URL with a client secret, a request token and a callback URL, and send them back as a response to the frontend part of my app.
- My app (frontend part) now sends the request to the Twitter app, in a modal window, to ask a User to click on the “Authorize this app to read and write” button.
- Now, if I understand this part clearly, Twitter is now going to send access tokens to a Callback URL that my app provided and I won’t have any notification if it’s done and when it’s done (unless I poll my backend and see if it did process those tokens while listening for them on that Callback URL). Is there any other way it should be done? Could I tell Twitter API somehow that it shouldn’t send access tokens to the Callback URL, but instead send them back to the Frontend App that made the request? Or could I intercept them somehow?
Again, I wanted to ask for all of this upfront. It might be that I didn’t understand clearly what happens at the 3rd step that I described, but I couldn’t find enough information and I didn’t want to rush into developing all of that if I had to rewrite everything in case I neglected something.
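A sketch of the backend side of the three steps above under OAuth 1.0a (RFC 5849), added here as an example and not part of the original post: the callback redirect carries `oauth_token` and `oauth_verifier`, which the backend checks against the user's session before signing the access-token request. The Python backend, the in-memory `PENDING` store, the function names, the session ids and the key values are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, urlencode

CONSUMER_KEY = "example-consumer-key"        # constructed placeholder
CONSUMER_SECRET = "example-consumer-secret"  # constructed placeholder; stays on the backend
AUTHORIZE_URL = "https://api.twitter.com/oauth/authorize"
ACCESS_TOKEN_URL = "https://api.twitter.com/oauth/access_token"
PENDING = {}  # request token -> session id and token secret (hypothetical in-memory store)


def pct(value):
    """Percent-encode as RFC 5849 section 3.6 requires."""
    return quote(str(value), safe="-._~")


def sign(method, url, params, token_secret=""):
    """HMAC-SHA1 signature over the RFC 5849 signature base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(CONSUMER_SECRET)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def start_authorization(session_id, request_token, request_token_secret):
    """Bind the request token to the user's session; return the URL for the browser."""
    PENDING[request_token] = {"session": session_id, "secret": request_token_secret}
    return AUTHORIZE_URL + "?" + urlencode({"oauth_token": request_token})


def handle_callback(session_id, query):
    """Validate the callback query and build the signed access-token request parameters."""
    pending = PENDING.get(query.get("oauth_token", ""))
    if pending is None or not query.get("oauth_verifier"):
        return None  # unknown or already used request token, or missing verifier
    if not hmac.compare_digest(pending["session"], session_id):
        return None  # callback arrived in a different user's session
    del PENDING[query["oauth_token"]]  # request tokens are one-time use
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": query["oauth_token"],
        "oauth_verifier": query["oauth_verifier"],
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("POST", ACCESS_TOKEN_URL, params, pending["secret"])
    return params
```

The URL handed to the browser contains only the request token; the consumer secret and the request token secret are used solely as the HMAC key on the server.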