Twitter API Wiki / Sign in with Twitter

Facebook Connect has definitely been a blessing for handling user authentication on various forms of web2.0 applications and websites.  I have used Facebook Connect on several of my personal projects as well as things we develop for our clients.

With the popularity of Twitter, I figured it would only be a short period of time before users of this popular microblogging social netework would be able to carry their Twitter logins with them to the websites they visit.  Here’s a little bit of information how the Twitter API works to accomplish this:

Sign in with Twitter is the pattern of authentication that allows users to connect their Twitter account with third-party services in as little is one click. It utilizes OAuth and although the flow is very similar, the authorization URL and workflow differs slightly as described below.

The normal flow dictates that applications send request tokens to oauth/authorize in Twitter’s implementation of the OAuth Specification. To take advantage of Sign in with Twitter, applications should send request tokens in the oauth_token paramater to oauth/authenticate instead.

The oauth/authenticate method will perform the following:

  1. If the user is logged into Twitter.com and has already approved the calling application, the user will be immediately authenticated and returned to the callback URL.
  2. If the user is not logged into Twitter.com and has already approved the calling application, the user will be prompted to login to Twitter.com then will be immediately authenticated and returned to the callback URL.
  3. If the user is logged into Twitter.com and has not already approved the calling application, the OAuth authorization prompt will be presented. Authorizing users will then be redirected to the callback URL.
  4. If the user is not logged into Twitter.com and has not already approved the calling application, the user will be prompted to login to Twitter.com then will be presented the authorization prompt before redirecting back to the callback URL.

This behavior is explained in the following flowchart:

Peter Denton has created a number of buttons to make this experience easy and beautiful.

This is something that I am likely going to devote some time to in the next few months so stay tuned for more information on this plugin

Twitter API Wiki / Sign in with Twitter

Google+

Comments

comments

  • http://www.facebook.com/profile.php?id=1248148344 Tek Rumeli

    Thank you for this.

  • brianellin

    Cotton, You can use both Facebook Connect and Twitter Sign-in in a single integration using the RPX API. It also does Google, MySpace, Yahoo, and OpenID authentication. Check it out: http://rpxnow.com/

  • http://www.cottonrohrscheib.com Cotton Rohrscheib

    Very Slick Brian, thanks for posting, will check that out. Is there a wordpress plugin available as of yet for authentication?