Advanced Setup
OAuth Echo </oauth/echo> is a means to securely delegate OAuth authorization with a third party while interacting with an API.
For example, you may wish to verify a user's credentials from your app's server (the third party) rather than your app.
The TWTRCoreOAuthSigning protocol provides a convenient way to generate authorization headers for a user session. In TwitterKit, the TWTROAuthSigning class conforms to this protocol. It relies on the application auth config as well as a Twitter user session.
The TWTRAuthConfig object encapsulates the credentials to identify your Twitter application. You can get this object from the Twitter class (see code examples below).
A TWTRAuthSession object represents the user credentials of a Twitter user session. The TWTRSession class conforms to this protocol.
With a Twitter session:
// Objective-C
// Instantiates TWTROAuthSigning
TWTROAuthSigning *headerSigner = [[TWTROAuthSigning alloc] initWithAuthConfig:[Twitter sharedInstance].authConfig authSession:[Twitter sharedInstance].sessionStore.session];
// Swift
// Instantiates TWTROAuthSigning
if let session = TWTRTwitter.sharedInstance().sessionStore.session() as? TWTRSession {
    let headerSigner = TWTROAuthSigning(authConfig: TWTRTwitter.sharedInstance().authConfig, authSession: session)
    // Get header parameters for request
}
The easiest way to use OAuth Echo is by generating the authorization headers in the client. Use these headers to make a request to verify_credentials </rest/reference/get/account/verify_credentials> from outside the app.
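// Objective-C
// headerSigner is the TWTROAuthSigning instance created above
NSDictionary *authHeaders = [headerSigner OAuthEchoHeadersToVerifyCredentials];
// Swift
// headerSigner is the TWTROAuthSigning instance created above
let authHeaders = headerSigner.OAuthEchoHeadersToVerifyCredentials()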
The authHeaders dictionary contains the x-auth-service-provider (defined in the TWTROAuthEchoRequestURLStringKey constant) and x-verify-credentials-authorization (defined in the TWTROAuthEchoAuthorizationHeaderKey constant) keys. Your backend should take the OAuth signature in x-verify-credentials-authorization, and use it to set the authorization header for a request to the URL in x-auth-service-provider.
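// Objective-C
// Send the signed headers over HTTPS only; App Transport Security blocks plain HTTP by default
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://api.yourbackend.com/check_credentials"]];
request.allHTTPHeaderFields = authHeaders;
// Swift
// Send the signed headers over HTTPS only; App Transport Security blocks plain HTTP by default
let request = NSMutableURLRequest(url: URL(string: "https://api.yourbackend.com/check_credentials")!)
// The headers come back as [AnyHashable: Any]; allHTTPHeaderFields expects [String: String]
request.allHTTPHeaderFields = authHeaders as? [String: String]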
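The backend step described above, sketched in Python as an added example (not TwitterKit code and not from the original page). The names build_verify_request and EchoRejected are hypothetical, the sample headers are constructed, and the trusted endpoint is assumed to be Twitter's v1.1 verify_credentials URL.

```python
from urllib.parse import urlsplit
from urllib.request import Request

# Assumption: this backend trusts only Twitter's v1.1 verify_credentials endpoint.
TRUSTED_HOST = "api.twitter.com"
TRUSTED_PATH = "/1.1/account/verify_credentials.json"

# Constructed sample of what the app sends; the signature is a placeholder.
SAMPLE_HEADERS = {
    "X-Auth-Service-Provider": "https://api.twitter.com/1.1/account/verify_credentials.json",
    "X-Verify-Credentials-Authorization": 'OAuth oauth_consumer_key="PLACEHOLDER", oauth_signature="PLACEHOLDER"',
}


class EchoRejected(ValueError):
    """The client-supplied OAuth Echo headers failed validation."""


def build_verify_request(client_headers):
    """Validate OAuth Echo headers and return the unsent provider request."""
    # Header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v.strip() for k, v in client_headers.items()}
    provider = headers.get("x-auth-service-provider", "")
    signature = headers.get("x-verify-credentials-authorization", "")
    try:
        url = urlsplit(provider)
        port = url.port
    except ValueError:
        raise EchoRejected("unparseable x-auth-service-provider") from None
    # The provider URL comes from the client. Forwarding to whatever it names
    # would let the check be answered by a server other than Twitter.
    if (url.scheme, url.hostname, url.path) != ("https", TRUSTED_HOST, TRUSTED_PATH):
        raise EchoRejected("untrusted x-auth-service-provider")
    if url.username or url.password or port not in (None, 443):
        raise EchoRejected("unexpected authority in x-auth-service-provider")
    if not signature.startswith("OAuth ") or "\r" in signature or "\n" in signature:
        raise EchoRejected("malformed x-verify-credentials-authorization")
    # Only the signature is forwarded; no other client header is copied across.
    return Request(url.geturl(), headers={"Authorization": signature}, method="GET")
```

Pass the returned request to urllib.request.urlopen and treat only an HTTP 200 response as a verified user; the account in that response body is the identity to trust, not anything else the client sent.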