1

At the moment I have a webapp which offers username/password login or login via Twitter OAuth. I want to add a REST API for this application. Is it possible (and does it make sense) to offer an OAuth login via Twitter for REST API users? Inspired by this post, I am thinking about the following authentication flow. Users can log in via HTTP authentication AND/OR OAuth:

I created a sample workflow for this problem: https://i.stack.imgur.com/EM446.png

Ginkgochris

1 Answer

0

As mentioned in the post you referenced about the authentication flow, you should be looking at OpenID, not OAuth.

Mark S.
  • 1. I post information on the user's Twitter account. So I need OAuth. 2. I analysed a lot of APIs and NONE of them uses OpenID. I admit that for a lot of them OpenID should be enough. – Ginkgochris Nov 22 '11 at 08:47
  • Then I'm confused about what you're asking for. The protocol used to allow users to log into your site with their Twitter Account is OpenID. The protocol used for allowing your application to post data to a user's Twitter account is OAuth. If you want to do both (logging in and posting) then you need to use both. – Mark S. Nov 22 '11 at 15:55
  • No, that's wrong. ;-) OAuth implicitly contains a method to authenticate users in order to authorize consuming applications to access the user's data. OpenID only supports authorization. And the Twitter API doesn't support OpenID, by the way. Hmm, I will implement and prototype and see if it's working. – Ginkgochris Nov 24 '11 at 09:35