Twitter oauth authorization in a pop-up instead of in main browser window

views:

668

answers:

+2 Q:

Twitter oauth authorization in a pop-up instead of in main browser window

I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes:

TweetMeme has a Re-tweet twitter widget that publishers can place on their blogs. When a user clicks on the widget, it pops open a window which allows the user to authenticate themselves with twitter and then re-tweet.

This seems to use some special Twitter oauth popup form factor - unless there is something fancier happening under the surface to authenticate the user.

The pop-up window looks like this:

http://twitpic.com/1kepcr

I'd rather handle an authentication via a pop-up rather than send the user to a brand new page (for the app I'm working on) and they seem to have the most graceful solution. Thoughts on how they did this?

~~All they're doing is opening a page http://api.tweetmeme.com/share?url=someURL&source=tweetmeme in a new window (using target _blank), then starting the process from there.~~

EDIT: I was looking at the wrong retweet button. For your specific example, clicking the retweet button first opens Tweetmeme page http://tweetmeme.com/ajax/partial?... in a new window. Clicking yes then initiates the OAuth process by sending you (still in that window) to https://twitter.com/oauth/authenticate (with appropriate parameters).

Matthew Flaschen 2010-05-02 20:42:49

Yes but the most interesting thing, is when user login, and from that twitter page heshould be redirected to tweetmeme callback page. I can't get how the params sended to callback page are passed to the main page.

Manuel Bitto 2010-05-02 21:58:05

+2 A:

I think that the process is something like this (I assume that they have used php on server-side):

First it opens a jQuery-like popup, but it's not strictly related to twitter sign in functions. The real sign-in process begin when you confirm that popup, so it open new popup, with some php inside, that # hold a session. Those scripts ask to twitter the request tokens, using site's application params, and save them into $_SESSION array. If it's all-right, twitter send you to twitter authenticate page (https://twitter.com/oauth/authenticate), and after you have inserted your login params, twitter send you to the callback page defiend by that site. Here there is another php page that request access tokens, and save them into $_SESSION array. If it's all-right now the site has params that he needs for querying your profile, so last scripts inside popup refresh opener window (main site) and close himself. Now main window has all the interesting params inside $_SESSION array.

Check this useful library for all the server-side work.

Manuel Bitto 2010-05-02 23:52:42

ansaurus

tags:

views:

answers:

Twitter oauth authorization in a pop-up instead of in main browser window

related questions