Issue
I'm developing an mobile app on the iPhone. After creating an app on Facebook/Twitter, I received 2 keys:
- Facebook call them as app ID and app Secret
- Twitter call them as consumer Key and consumer Secret
When I use OAuth authorization as some tutorials on Google, my app must provide both keys to proceed. I'm confused as to why it needs 2 keys. As their names (id and secret), I guess that their roles is equal to public/private keys pair in Linux. But I must provide both 2 keys so that my app proceeds.
I want to place the secret key in my own Apache/PHP server, the secret place, not in my app's code. My app is only responsible for authorization, then my server proceed with other tasks, as posting,...
Solution
AppID is used for authentication, appSecrect is used for other tasks.
Consider these two documents of Facebook and Twitter about authentication for web app for more detail:
http://developers.facebook.com/docs/guides/web/#login
https://dev.twitter.com/docs/auth/oauth
Consider this flow for an implementation Facebook/Twitter app on mobile if you have an own server for the secret:
OAuth Twitter with only Consumer Key (not use Consumer Secret) on iPhone and android
Answered By - vietstone Answer Checked By - Cary Denson (PHPFixing Admin)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.