Authentication/Auto-login with Twitter question.

Jun 26, 2012 at 3:18 PM

Hello,

In the application I am developing I am currently using the MVC authorization flow. Once a user authorizes the application I store their tokens in the database and make a cookie that stores the user's unique identifier (a GUID) so that when they come back to the site I can pull these credentials back from the database.

As long as the user has their cookie it will automatically log them in, even if they aren't currently on Twitter. This all seems to work great except if the user does NOT have the site's cookie it will ask the user to authorize the application again. I noticed that, on sites like klout.com, as long as you're logged into Twitter (from their site for example) the site will automatically log you in. Klout.com does not have a cookie itself as I've removed all cookies before logging in to Twitter. I was wondering if anyone has any insight on how they accomplish this or if it is simply outside the scope of LinqToTwitter's MVCAuthorizer.

Any help or suggestions would be much appreciated.

Coordinator
Jun 28, 2012 at 3:32 AM

Hi Lanlost,

I don't know for sure what the other sites are using.  However, they might be using Sign-In With Twitter.  I've provided a SignInAuthorizer that you can try.  The source code includes a LinqToTwitterWebFormsDemo project (not loaded in the solution) that uses this.  I haven't tried it with MVC yet, but it shouldn't be too hard to get working.

Joe

Jul 26, 2012 at 3:14 PM
Edited Jul 26, 2012 at 8:34 PM

Tried out the WebForms sample through an MVC view and the code below works, by which I mean it authenticates but doesn't give an approve button every login:

    public ActionResult AuthTwitter()
    {
        var _twitterService = new TwitterService();
        var auth = new SignInAuthorizer() { Credentials = _twitterService.GetCredentials(), PerformRedirect = authUrl => Response.Redirect(authUrl) };

        auth.CompleteAuthorization(Request.Url);
        if (!auth.IsAuthorized)
            auth.BeginAuthorization(new Uri(Request.Url.ToString()), false);

        //Do some stuff and must have a common return to appease the absence of return above
        return View(); //Or whatever
    }

Though a question here. The optimal would be to get rid of the Response.Redirect in the constructor and be able to either return BeginAuthorization or read out the full redirect URL and redirect to that URL instead. Perhaps someone can give me an example of a good practice to accomplish this (if possible without too much hassle)?
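One way to get a normal MVC return out of the action above, shown as an added example that is not part of the original post or of LINQ to Twitter itself: the `PerformRedirect` callback only records the URL, and the action returns it as a `RedirectResult`. It assumes `BeginAuthorization` invokes `PerformRedirect` before it returns; `LoadCredentials`, the `SessionStateCredentials` initializer and the appSettings key names are assumptions standing in for the poster's `TwitterService.GetCredentials()`.

```csharp
using System;
using System.Configuration;
using System.Web.Mvc;
using LinqToTwitter;

public class TwitterAuthController : Controller
{
    public ActionResult AuthTwitter()
    {
        string redirectUrl = null;

        var auth = new SignInAuthorizer
        {
            Credentials = LoadCredentials(),
            // Record the authorization URL instead of writing to Response here.
            PerformRedirect = authUrl => { redirectUrl = authUrl; }
        };

        // On the callback request this finishes the token exchange;
        // on the first request it leaves IsAuthorized false.
        auth.CompleteAuthorization(Request.Url);

        if (!auth.IsAuthorized)
        {
            auth.BeginAuthorization(new Uri(Request.Url.ToString()), false);

            // Fail closed if the callback never fired (assumption above did not hold).
            if (redirectUrl == null)
                return new HttpStatusCodeResult(500, "No authorization URL produced");

            return Redirect(redirectUrl);
        }

        // Authorized: create the local session, then render or redirect.
        return View();
    }

    // Hypothetical helper: consumer key and secret come from configuration,
    // never from the request. The key names are placeholders.
    private static IOAuthCredentials LoadCredentials()
    {
        return new SessionStateCredentials
        {
            ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"],
            ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"]
        };
    }
}
```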

Jul 27, 2012 at 7:09 AM
Edited Jul 27, 2012 at 7:16 AM

The Service is just a class I stored the credentials in at the time of this test. Sorry, it would perhaps be clearer to follow if I had just added the Credentials directly in the code. Nevertheless this works fine; I was just pondering a way of switching the Response.Redirect for a standard return, as would be the case if I were to use your MvcAuthorizer instead of a SignInAuthorizer.

Coordinator
Jul 27, 2012 at 3:57 PM

I'm following you now - sounds like a MvcSignInAuthorizer and/or MvcSignInActionResult would be a good approach.

Joe

Jul 27, 2012 at 4:56 PM
Yes, I know what the problem is. It's actually really simple. Give me until I'm on my lunch at work and I'll reply with some information for you.

On Thu, Jul 26, 2012 at 10:14 AM, Baseless <notifications@codeplex.com> wrote:

From: Baseless

Does anyone have any answers to this? I'm new to l2t and think I've found answers to most of my questions regarding this except for this (big) issue.

If you use Twitter as a login provider then you will not know who's logged in (and thus cannot get their stored keys from the db) but want them to get automatically authenticated without having to reapprove the same application every time they do a new login.

For example, if you do a Twitter login which in turn creates the FormsAuthentication session based on the user's local account.


Jul 27, 2012 at 9:50 PM
JoeMayo wrote:

I'm following you now - sounds like a MvcSignInAuthorizer and/or MvcSignInActionResult would be a good approach.

Joe

I actually searched a bit yesterday but it seemed the options were SignIn, SingleUser, Mvc and Web. Are you hinting that creating a custom authorizer would be my best approach? Or have I missed an existing authorizer? Just so that we're on the same level.

PS: Lanlost: if you have a clever solution I am of course grateful if you share.

Coordinator
Jul 27, 2012 at 10:07 PM

Yes, I'm thinking it would be a new custom authorizer.  However, I'd be interested in seeing what Lanlost comes up with. 

Joe

Jul 30, 2012 at 6:19 PM
I'm still here by the way. I just got side-tracked and apologize for that. As soon as I get off work in a few hours (5:00pm, it's 1:18pm here now) I will put together a post for you.

On Fri, Jul 27, 2012 at 5:07 PM, JoeMayo <notifications@codeplex.com> wrote:

From: JoeMayo

Yes, I'm thinking it would be a new custom authorizer. However, I'd be interested in seeing what Lanlost comes up with.

Joe


Aug 2, 2013 at 9:10 AM
Edited Aug 2, 2013 at 9:11 AM
Hey Joe,

Did this ever get resolved/fixed?

If not, I can definitely post the code here tomorrow. I am SO sorry that it has taken this long. The project I was working on was wrapped up and I was suddenly on a new project and being bombarded with lots of new design info and sleepless nights (albeit, awesome ones. I'm sure you know what it's like.)

I don't have the code on me right now but it's definitely something that should be changed in the LinqToTwitter codeset itself. Just let me know and I will absolutely make the post tomorrow.

Thanks,
Brent

(And sorry again for forgetting. This project is absolutely awesome by the way. I'll have to figure out how to make a monetary contribution.)
Coordinator
Aug 3, 2013 at 4:56 AM
Lanlost,

I know how that goes. I haven't done anything in this area. You're welcome to do a pull request. I don't have anything set up for donations, but Twitter follows, retweets, and any other social media attention for LINQ to Twitter is always appreciated.

@JoeMayo