Aran Mulholland

Reputation: 23935

Twitter and Reverse Authentication

I want to use Twitter to sign on in an iOS application. Once the user has authenticated with Twitter I want to pass these credentials to a server in order to match these with a user profile stored in a database.

I can communicate with my server over https, but this still doesn't tell me that the credentials I am being passed from the app are:

  1. Coming from the app - as someone else could start a secure session with my service
  2. Have valid credentials - that the credentials are an actual signed in Twitter account and not just some made up numbers (keys etc)

Do I need to implement reverse authentication to provide a method to do this securely? (If not, what method should I use to know that the information provided is correct?)

Upvotes: 0

Views: 223

Answers (1)

eran

Reputation: 6921

I think the methodology is, once you have got the token/secret from the iOS client, to call GET account/verify_credentials; then you get the user account and you can compare the Twitter user id or name with the one stored in your user profiles.

Upvotes: 2
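
The server-side check described in the answer above, as an added example that is not part of the original answer: the server signs a GET account/verify_credentials request with the token/secret it received and trusts only the user id Twitter returns. The v1.1 endpoint URL, the `id_str` response field, and all function and parameter names are assumptions of this sketch; `consumer_key`/`consumer_secret` are the server's own app credentials.

```python
import base64, hashlib, hmac, json, secrets, time
import urllib.error, urllib.request
from urllib.parse import quote

# Assumed v1.1 URL for the "GET account/verify_credentials" call named in the answer
VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json"

def _enc(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def oauth1_header(method, url, consumer_key, consumer_secret, token, token_secret,
                  nonce=None, timestamp=None):
    """Build an OAuth 1.0a HMAC-SHA1 Authorization header (no query/body params)."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    normalized = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    sig = base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()
    params["oauth_signature"] = sig
    return "OAuth " + ", ".join(f'{_enc(k)}="{_enc(v)}"' for k, v in sorted(params.items()))

def http_get_json(url, headers):
    # Default transport; raises urllib.error.HTTPError when the token pair is rejected
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def verify_twitter_user(consumer_key, consumer_secret, token, token_secret,
                        stored_twitter_id, fetch=http_get_json):
    """True only if the token pair is accepted AND it belongs to stored_twitter_id."""
    auth = oauth1_header("GET", VERIFY_URL, consumer_key, consumer_secret,
                         token, token_secret)
    try:
        account = fetch(VERIFY_URL, {"Authorization": auth})
    except (urllib.error.URLError, ValueError):
        return False  # fail closed: rejected credentials or unusable response
    # Compare the id the API returned, never an id supplied by the client
    return account.get("id_str") == str(stored_twitter_id)
```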
