I'm working on an iPhone app that ideally uses OAuth to communicate with Twitter. I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
我正在开发一款理想情况下使用OAuth与Twitter通信的iPhone应用程序。我知道有很多人使用UIWebView在他们的应用程序内部进行OAuth工作流程,但我不同意这一点,并采用Pownce方法。
The problem is, Twitter has this whole scheme for working with desktop apps, using a pin number. When I register my app with Twitter, they have a web form asking me if I'm a desktop or web client. If I choose desktop client, when I try to have the user authorize, I can set the oauth_callback parameter but Twitter will ignore it after authorization and show a pin number. If, on twitter's form, I specify that I'm a web client, it requires me to enter a URL to redirect to after authorization. And, since I'm using an iPhone app-specific url scheme, their web form fails on validation as it only seems to accepts URLs conforming to the HTTP protocol.
问题是,Twitter有使用引脚号码处理桌面应用程序的整个方案。当我在Twitter上注册我的应用程序时,他们有一个Web表单,询问我是否是桌面或Web客户端。如果我选择桌面客户端,当我尝试让用户授权时,我可以设置oauth_callback参数,但Twitter会在授权后忽略它并显示一个密码。如果在twitter的表单上,我指定我是一个Web客户端,它要求我在授权后输入一个重定向到的URL。而且,由于我正在使用特定于iPhone应用程序的URL方案,因此它们的Web表单在验证时失败,因为它似乎只接受符合HTTP协议的URL。
So, it seems like I'm stuck - I can't say "desktop" because I don't want to bother with a pin, and I can't say "web" or I can't use an iPhone app URL. Any solution to this?
所以,似乎我被卡住了 - 我不能说“桌面”,因为我不想打扰别针,我不能说“网络”或我不能使用iPhone应用程序URL。对此有何解决方案?
4 个解决方案
#1
From your question:
从你的问题:
I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
我知道有很多人使用UIWebView在他们的应用程序内部进行OAuth工作流程,但我不同意这一点,并采用Pownce方法。
The Pownce article suggests that quitting your application and opening Mobile Safari to perform the authentication step is problematic, and that they started receiving bad reviews from users for doing it that way. They also experienced a failure rate of around 40%.
Pownce文章建议退出您的应用程序并打开Mobile Safari来执行身份验证步骤是有问题的,并且他们开始接受用户的错误评论以便这样做。他们的失败率也在40%左右。
Pownce's solution is to use a UIWebView within your application instead, so I have a feeling you may have misinterpreted their recommendations. That being said, they do label this as a "naive" solution and go on to suggest a bunch of theoretical "ideal" solutions.
Pownce的解决方案是在您的应用程序中使用UIWebView,因此我觉得您可能误解了他们的建议。话虽如此,他们确实将此标记为“天真”的解决方案,并继续提出一堆理论上的“理想”解决方案。
Another point you might not realise is that desktop applications (using the "out of band" / pin number method) and web applications need to open the Twitter site in either an embedded or external browser.
您可能没有意识到的另一点是桌面应用程序(使用“带外”/密码方法)和Web应用程序需要在嵌入式或外部浏览器中打开Twitter站点。
So you've got two choices on the iPhone:
所以你在iPhone上有两个选择:
- Open up twitter.com in a UIWebView, specifying no
oauth_callbackparameter oroauth_callback=oobto start the pin-based out-of-band flow. The user then needs to copy the pin using the iPhone's copy-paste functionality, manually close the UIWebView, and paste the pin into your application. The pin can then be used converted to an access token. - Do it how everyone else is doing it (UIWebView +
custom-uri://foo.barin the callback parameter).
在UIWebView中打开twitter.com,指定no oauth_callback参数或oauth_callback = oob以启动基于引脚的带外流。然后,用户需要使用iPhone的复制粘贴功能复制引脚,手动关闭UIWebView,并将引脚粘贴到您的应用程序中。然后可以将该引脚转换为访问令牌。
做其他人如何做它(回调参数中的UIWebView + custom-uri://foo.bar)。
For obvious reasons, the first option is pretty crap and really only useful on platforms where Twitter is unable to redirect to a custom URI.
出于显而易见的原因,第一个选项很糟糕,只有在Twitter无法重定向到自定义URI的平台上才有用。
#2
A simple solution may be to create an HTTP page that always sends a 301 redirect to your custom URL scheme and then provide that HTTP URL to the twitter web API.
一个简单的解决方案可能是创建一个HTTP页面,该页面始终将301重定向发送到您的自定义URL方案,然后将该HTTP URL提供给Twitter Web API。
Aside from that, Nathan's answer is very complete.
除此之外,内森的答案非常完整。
#3
Here's how I do it: tell Twitter you're a web app, and make up any old HTTP:// URL to satisfy Twitter during registration of your oauth client.
我是这样做的:告诉Twitter你是一个网络应用程序,并在注册你的oauth客户端时构成任何旧的HTTP:// URL来满足Twitter。
Then in your app, pass the URL you want to in the callback parameter. Twitter (in my experience) uses the one you give it.
然后在您的应用中,在回调参数中传递您想要的URL。 Twitter(根据我的经验)使用你提供的那个。
#4
You could use an intermediate website for the authentication. Your app creates a unique id (hardware based?) and stores it. It then records it has sent the user for authentication and sends the unique id to your website. It then redirects the user to your website. Your website then sends the user to Twitter using oAuth. The user returns to your website and you mark the unique id as authenticated and store the authentication information. The user restarts the app on the iPhone, it reads it has sent the user for authentication and contacts your website with the unique id - and reads in the authentication information.
您可以使用中间网站进行身份验证。您的应用会创建一个唯一ID(基于硬件?)并存储它。然后它记录它已经发送给用户进行身份验证并将唯一ID发送到您的网站。然后,它会将用户重定向到您的网站。然后,您的网站使用oAuth将用户发送到Twitter。用户返回到您的网站,并将唯一ID标记为已验证并存储身份验证信息。用户重新启动iPhone上的应用程序,它会读取已发送用户进行身份验证并使用唯一ID与您的网站联系 - 并读取身份验证信息。
Long winded and needs another website, but it should work.
漫长的啰嗦,需要另一个网站,但它应该工作。
#1
From your question:
从你的问题:
I know a lot of people are doing the OAuth workflow inside of their apps using a UIWebView, but I don't agree with that and am going with the Pownce approach.
我知道有很多人使用UIWebView在他们的应用程序内部进行OAuth工作流程,但我不同意这一点,并采用Pownce方法。
The Pownce article suggests that quitting your application and opening Mobile Safari to perform the authentication step is problematic, and that they started receiving bad reviews from users for doing it that way. They also experienced a failure rate of around 40%.
Pownce文章建议退出您的应用程序并打开Mobile Safari来执行身份验证步骤是有问题的,并且他们开始接受用户的错误评论以便这样做。他们的失败率也在40%左右。
Pownce's solution is to use a UIWebView within your application instead, so I have a feeling you may have misinterpreted their recommendations. That being said, they do label this as a "naive" solution and go on to suggest a bunch of theoretical "ideal" solutions.
Pownce的解决方案是在您的应用程序中使用UIWebView,因此我觉得您可能误解了他们的建议。话虽如此,他们确实将此标记为“天真”的解决方案,并继续提出一堆理论上的“理想”解决方案。
Another point you might not realise is that desktop applications (using the "out of band" / pin number method) and web applications need to open the Twitter site in either an embedded or external browser.
您可能没有意识到的另一点是桌面应用程序(使用“带外”/密码方法)和Web应用程序需要在嵌入式或外部浏览器中打开Twitter站点。
So you've got two choices on the iPhone:
所以你在iPhone上有两个选择:
- Open up twitter.com in a UIWebView, specifying no
oauth_callbackparameter oroauth_callback=oobto start the pin-based out-of-band flow. The user then needs to copy the pin using the iPhone's copy-paste functionality, manually close the UIWebView, and paste the pin into your application. The pin can then be used converted to an access token. - Do it how everyone else is doing it (UIWebView +
custom-uri://foo.barin the callback parameter).
在UIWebView中打开twitter.com,指定no oauth_callback参数或oauth_callback = oob以启动基于引脚的带外流。然后,用户需要使用iPhone的复制粘贴功能复制引脚,手动关闭UIWebView,并将引脚粘贴到您的应用程序中。然后可以将该引脚转换为访问令牌。
做其他人如何做它(回调参数中的UIWebView + custom-uri://foo.bar)。
For obvious reasons, the first option is pretty crap and really only useful on platforms where Twitter is unable to redirect to a custom URI.
出于显而易见的原因,第一个选项很糟糕,只有在Twitter无法重定向到自定义URI的平台上才有用。
#2
A simple solution may be to create an HTTP page that always sends a 301 redirect to your custom URL scheme and then provide that HTTP URL to the twitter web API.
一个简单的解决方案可能是创建一个HTTP页面,该页面始终将301重定向发送到您的自定义URL方案,然后将该HTTP URL提供给Twitter Web API。
Aside from that, Nathan's answer is very complete.
除此之外,内森的答案非常完整。
#3
Here's how I do it: tell Twitter you're a web app, and make up any old HTTP:// URL to satisfy Twitter during registration of your oauth client.
我是这样做的:告诉Twitter你是一个网络应用程序,并在注册你的oauth客户端时构成任何旧的HTTP:// URL来满足Twitter。
Then in your app, pass the URL you want to in the callback parameter. Twitter (in my experience) uses the one you give it.
然后在您的应用中,在回调参数中传递您想要的URL。 Twitter(根据我的经验)使用你提供的那个。
#4
You could use an intermediate website for the authentication. Your app creates a unique id (hardware based?) and stores it. It then records it has sent the user for authentication and sends the unique id to your website. It then redirects the user to your website. Your website then sends the user to Twitter using oAuth. The user returns to your website and you mark the unique id as authenticated and store the authentication information. The user restarts the app on the iPhone, it reads it has sent the user for authentication and contacts your website with the unique id - and reads in the authentication information.
您可以使用中间网站进行身份验证。您的应用会创建一个唯一ID(基于硬件?)并存储它。然后它记录它已经发送给用户进行身份验证并将唯一ID发送到您的网站。然后,它会将用户重定向到您的网站。然后,您的网站使用oAuth将用户发送到Twitter。用户返回到您的网站,并将唯一ID标记为已验证并存储身份验证信息。用户重新启动iPhone上的应用程序,它会读取已发送用户进行身份验证并使用唯一ID与您的网站联系 - 并读取身份验证信息。
Long winded and needs another website, but it should work.
漫长的啰嗦,需要另一个网站,但它应该工作。