I have an application that will upload media on behalf of a user. It works great, aside from the authentication. I’m trying to have the app run through if the user has already authorized the app previously, but my app asks for permission every time. I am using the authenticate call instead of authorize and my application is set to allow sign-in with twitter. It appears that these are the two requirements for doing this, yet I’m still asked to authorize every time.
Please see this announcement: Recent changes to Twitter’s OAuth login flow and API endpoints
Thank you for the quick reply!
I’m posting this here because it relates to the issue mentioned above…
How can I check who is currently signed into twitter? For example, I am trying a work-around for the new authentication requirements that would store a users oauth tokens in a database when they authorize the application and then I would fetch them and attempt to verify the credentials. My question is if a user is signed into twitter and comes to my website, how can I see the username or some other identifying feature? That way I can just check if I have their credentials already stored before asking them for permission again.
To identify a user with Twitter you have to perform the 3-legged OAuth flow. POST oauth/request_token, GET oauth/authorize, and POST oauth/access_token. POST oauth/access_token will return the userId of the user who just authorized.
At this point you’ll want to hand off identity to your own application’s user and session management. As long as that session is active they are associated with that Twitter identity. If the session expires they’ll have to go through the 3-legged OAuth flow again.