Tuesday, September 20, 2022

[FIXED] Why an Facebook/Twitter app has to need 2 keys?

      , , ,      No comments   

Issue

I'm developing an mobile app on the iPhone. After creating an app on Facebook/Twitter, I received 2 keys:

  • Facebook call them as app ID and app Secret
  • Twitter call them as consumer Key and consumer Secret

When I use OAuth authorization as some tutorials on Google, my app must provide both keys to proceed. I'm confused as to why it needs 2 keys. As their names (id and secret), I guess that their roles is equal to public/private keys pair in Linux. But I must provide both 2 keys so that my app proceeds.

I want to place the secret key in my own Apache/PHP server, the secret place, not in my app's code. My app is only responsible for authorization, then my server proceed with other tasks, as posting,...


Solution

AppID is used for authentication, appSecrect is used for other tasks.

Consider these two documents of Facebook and Twitter about authentication for web app for more detail:

http://developers.facebook.com/docs/guides/web/#login

https://dev.twitter.com/docs/auth/oauth

Consider this flow for an implementation Facebook/Twitter app on mobile if you have an own server for the secret:

OAuth Twitter with only Consumer Key (not use Consumer Secret) on iPhone and android



Answered By - vietstone
Answer Checked By - Cary Denson (PHPFixing Admin)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...