Background
I've made a web app. I log in to the web app using Sign in with Twitter. When the OAuth dance is done, I store these things about the user in the database:
- The user's Twitter user ID
- The user's OAuth token and OAuth token secret
- A newly randomly generated token that I store in the user's browser as a cookie
Anytime the user visits the app and has the right cookie set, that user is signed into my web app as the correct user.
Problem
I'm now trying to build a mobile app that communicates with my web app through a RESTish API. I'd like to have a similar authentication scheme as the web app where requests from the mobile app include the same randomly generated token.
Twitter's SDK will handle Sign in with Twitter, at the end of which I'll have an OAuth token, an OAuth token secret, and the user's Twitter user ID. What's the best way to use these Twitter credentials to prove to my own server that I'm signed in as that Twitter user? My plan is that once I've proven this, I can have the server send me the generated token.
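The server side of the scheme described in the question, sketched as an added example that is not from the original post: the mobile app hands its Twitter OAuth token and token secret to the app's own server, the server confirms them with Twitter and compares the returned user ID with the one the client claims, and only then issues a fresh random session token, of which only a hash is stored. The Twitter call (in production, `GET account/verify_credentials` signed with the user's OAuth 1.0a credentials) is replaced by a constructed lookup table so the example runs offline; the class and function names are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set


@dataclass
class User:
    twitter_id: str
    oauth_token: str
    oauth_token_secret: str
    # SHA-256 hex digests of issued session tokens; the raw token only ever
    # lives on the client (cookie or mobile keychain), so a DB leak alone is
    # not enough to impersonate anyone.
    session_token_hashes: Set[str] = field(default_factory=set)


def hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class AuthServer:
    """Hypothetical server that mints its own session tokens after Twitter vouches for a user."""

    def __init__(self, verify_with_twitter: Callable[[str, str], Optional[str]]):
        self.users: Dict[str, User] = {}
        # Callable(oauth_token, oauth_token_secret) -> Twitter user ID, or None if rejected.
        self.verify_with_twitter = verify_with_twitter

    def exchange_twitter_credentials(self, claimed_id: str, oauth_token: str,
                                     oauth_token_secret: str) -> Optional[str]:
        # Never trust the user ID the client sends: ask Twitter who the
        # credentials actually belong to, then check the claim against that.
        confirmed_id = self.verify_with_twitter(oauth_token, oauth_token_secret)
        if confirmed_id is None or confirmed_id != claimed_id:
            return None
        user = self.users.get(confirmed_id)
        if user is None:
            user = User(confirmed_id, oauth_token, oauth_token_secret)
            self.users[confirmed_id] = user
        else:
            # Keep the latest Twitter credentials; they may have been rotated.
            user.oauth_token, user.oauth_token_secret = oauth_token, oauth_token_secret
        # The same kind of random token the web app puts in the cookie; the
        # mobile app sends it on every API request instead.
        session_token = secrets.token_urlsafe(32)
        user.session_token_hashes.add(hash_token(session_token))
        return session_token

    def user_for_token(self, session_token: str) -> Optional[str]:
        """Resolve a presented session token to a Twitter user ID, or None."""
        digest = hash_token(session_token)
        for user in self.users.values():
            if digest in user.session_token_hashes:
                return user.twitter_id
        return None


# Constructed stand-in for Twitter's credential check. In production this is a
# signed request to GET account/verify_credentials; Twitter answers with the
# account that the token/secret pair belongs to.
FAKE_TWITTER_ACCOUNTS = {
    ("tok-alice", "sec-alice"): "1001",
    ("tok-bob", "sec-bob"): "1002",
}


def fake_verify_with_twitter(oauth_token: str, oauth_token_secret: str) -> Optional[str]:
    return FAKE_TWITTER_ACCOUNTS.get((oauth_token, oauth_token_secret))


if __name__ == "__main__":
    server = AuthServer(fake_verify_with_twitter)
    token = server.exchange_twitter_credentials("1001", "tok-alice", "sec-alice")
    print("issued token resolves to:", server.user_for_token(token))
    print("wrong claimed id:", server.exchange_twitter_credentials("1002", "tok-alice", "sec-alice"))
    print("bad secret:", server.exchange_twitter_credentials("1001", "tok-alice", "wrong"))
```

The two checks that matter are that the server verifies the credentials with Twitter itself rather than accepting a user ID from the client, and that the token it hands back is generated server-side and stored only as a hash; the Twitter token and secret are used once for the proof and then kept only for API calls on the user's behalf.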