Selecting correct authentication method for client


#1

Hi,

So I have a simple question. My task is to make a very minimalistic Twitter client, that only needs to post new status updates (current requirement). The application cannot use web browser during the authentication process (as I understood, OAuth flow directs me at some point to Twitter URL where I sign in and approve my app.) So is it somehow possible to use OAuth without directing the user to Twitter.com for authorization, for example by using PIN based authorization (by doing the authorization part behind the scenes for the user -> user just gives Username and Password in the client to log in)? Or is xAuth the only possible way to sign in with using only the Username and Password? And how easy it actually is to get the privileges to use xAuth if that is what my app needs?

Hopefully I got the terms right and someone understands what I’m asking :slight_smile:


#2

Out-of-band OAuth is certainly an option, if you can be assured your user can get to a web browser to complete the steps in a timely fashion.

xAuth still requires a live internet connection from the device, which I assume you’ll have if you’re able to make API requests. The [node:136] docs speak more on how you obtain xAuth permissions. It sounds like it may be the simplest solution for you to use.


#3

Thx for the answer. I guess I’m going to be using xAuth as the authentication method since the application actually doesn’t have access to a web browser at any time. I’ll be having live internet connection though so that’s not going to be a problem.