there is no practical way that i can see or have read about that lets you authenticate using oauth without making the user leave the app or have to write the pin down before they can post an update..... is there maybe another Rest API that i missed?
views:
741answers:
4is it possible to authenticate with oauth, on the iphone, without making the user enter a pin?
Yup. What you can do is register a custom URI scheme with your application and use it in the oauth_callback parameter. This saves you from having to use out-of-band callback configuration, which requires the user to manually enter a verifier, as you describe.
Details on registering a custom URI scheme for your app here:
http://iphonedevelopertips.com/cocoa/launching-your-own-application-via-a-custom-url-scheme.html
Edited - Elaborating
Using a custom URI scheme, you can instruct an OAuth Service Provider to 'call back' to your iPhone application when a user authorizes a Request Token. This is an alternative to the cumbersome "out-of-band callback" workflow that requires a user to authorize a Request Token, and then be given a verifier code that they manually enter via your application. It is also more analogous to how Web Applications that use OAuth behave.
The steps involved in using a URI scheme would be the following:
- Using the above link as a guide, bind a custom URI scheme to your iPhone application (i.e. "myapp://").
- When requesting a Request Token from the OAuth Service Provider, provide a URI that uses your custom scheme as the value of the 'oauth_callback' parameter. For example, oauth_callback=myapp://oauth/callback
- When you get a Request Token, direct the user to the Service Providers authorization endpoint URL via the browser (launch Safari, send the user to http://example.com/oauth/authorize?oauth_token=token).
- If the user chooses to authorize the Request Token, the Service Provider will redirect them (usually via a 301 HTTP Status header) to the URI you provided in step # 2.
- Safari will recognize that the URI uses a scheme that is bound to your application and launch your app.
- When the callback is called (again, see the above linked guide for details) you will be able to exchange the authorized OAuth Request Token for an Access Token.
- Finally, with an Access Token you will be able to access Protected Resources from the OAuth Service Provider.
Does that make more sense?
this is why it wont work...
April 23, 2009 Deprecated (REST): Support for the oauth_callback parameter has been removed due to security vulnerability. (discussion)
you have to manually set the callback URL in your application settings
Will facebook supports the custom URL scheme in oAuth redirect URI ?