1

At the moment I have a webapp which offers username/password login or login via Twitter OAuth. I want to add an REST API for this application. Is it possible (and makes it sense) to offer an OAuth login via Twitter for REST API users? Inspired by this post I think about the following authentication flow. Users can login via HTTP authentication AND/OR OAuth:

I created a sample workflow for this problem: https://i.sstatic.net/EM446.png

Improve this question

1 Answer 1

Reset to default
0

As mentioned in the post you referenced about the authentication flow, you should be looking at OpenID, not OAuth.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

1. I post information on the users twitter account. So i need OAuth. 2. I analysed a lot of APIs and NONE of them uses OpenID. I admit that for a lot of them OpenID should be enough.
Then I'm confused about what you're asking for. The protocol used to allow users to log into your site with their Twitter Account is OpenID. The protocol used for allowing your application to post data to a user's Twitter account is OAuth. If you want to do both (logging in and posting) then you need to use both.
No that's wrong. ;-) OAuth implicitly contains a method to authenticate users in order to authorize consuming applications to access the user's data. OpenID only supports authorization. And Twitter API doesn't support OpenID by the way. Hmm I will implement and prototype and look, if it's working.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.