Bump?
I came back to this, because I have to make it work now.
How come everyone got at least some response for questions in this community except me? I feel rejected 
Ok, maybe I wasn’t clear enough.
I have a web app, which has to obtain access rights at one step, before the User can continue further.
At one point, my app requests Facebook and Linkedin authorizations and the User authorizes them. During that time, there’s a spinning circle indicating the progress. Everything happens in small popups and everything is processed in async callbacks. Thus, my app knows when it’s all finished and can continue to the next route (notice it’s a SPA).
Regarding the Twitter OAuth, there’s a little catch.
The callback url.
For example, in Android/iOS apps, you can provide scheme://host as a callback URL, and the Twitter OAuth API will call back an app with oauth_verifer ( scheme://host?oauth_token=1xx&oauth_verifer=1234 ). Android/iOS apps can then catch it and make another request to obtain the access_token. The whole time, there’s a chain of callbacks going on.
In the case of web apps, I cannot provide such things as the scheme:://host callback URL. I can only provide a real URL which may or may not process the oauth_verifier right away. What happens next is that my app has to listen if the popup window is closed, and then check the database if there’s a valid access_token stored for my User, or simply poll the database during the whole process and checking everytime if there’s a freshly generated access_token.
Here, I found that one guy is actually doing the same thing - http://clarkdave.net/2012/10/2012-10-30-twitter-oauth-authorisation-in-a-popup/ - He polls the popup window in a setInterval and checks if it’s closed or not. Later he also polls his own backend and checks if the database has a record of a valid access_token for a user.
Is this the only way of doing it in a modern web SPA? Anyone?
