Reputation: 176
Is Facebook/Twitter using oAuth for their own apps?
Are services like Facebook and twitter using the same oAuth mechanism for their own (mobile) apps as the rest of us? Or are the using some kind of "special mode" in oAuth which bypasses the permissions stuff etc. ?
Would really like to know how they are authenticating their users.
Upvotes: 3
Views: 702
Answers (4)
Reputation: 511
Facebook Connect is based on OAuth 2.0. In OAuth 2.0. SSL is required while signatures are not required for the actual API calls once the token has been generated. It has only one security token.
Twitter uses 1.0a. OAuth 1.0 requires client to send two security tokens for each API call, and use both to generate the signature.
Upvotes: 0
Reputation: 43816
Facebook's iPhone,Android,etc apps can log users in directly with username and password and create a new Facebook session directly, but other apps using the API need to use Oauth to get a user access token
If you're using android or iphone SDKs, this can be without the user needing to log in again, they simply need to authorise the app in a dialog, which is rendered by the Facebook app and uses the session created by the Facebook-supplied app
Upvotes: 1
Reputation: 83546
Facebook is not using oauth and have special login/private API for their own purposes. Only Facebook is 1st class citizen for these APIs and they don't need to bother with public APIs.
Upvotes: 1
Related Questions
- How does social oauth really works?
- Can google/twitter/facebook deny an app access to users who signed up using them
- Oauth - Facebook/ Twitter / Foursquare
- Oauth - Merging Accounts-Do Twitter and Facebook use same Oauth Id?
- OAuth (Twitter, Facebook, LinkedIn, etc) on Rails
- What is a Facebook/Twitter OAuth token internally?
- Is the Twitter client for Android using OAuth?
- Can Twitter consume OpenID for login?
- Does Twitter support the 2-legged oAuth protocol?
- Facebook Connect vs.Twitter OAuth - Security