OAuth.io

I found this web service called OAuth.io a while ago, and I’ve been wanting to play with it - finally found time today :slight_smile:

Here’s some code that lets you sign into Twitter from an agent (note, this doesn’t appear to work on mobile devices). Once you’re signed in, you could do things like tweet, read the user’s timeline, DM’s, etc. This is cool because it makes it so that you don’t need to hard code Access Tokens and Secrets, meaning anyone could sign into the agent (so you could use this for a project that’s more than just a one-off).

Once I clean it up some more I’ll move it to the electricimp/reference repo, but I figured I would post what I have now for any brave souls who want to try and make sense of it :slight_smile:

I guess you could use this to authenticate an user to an agent hosted web page, right? Trying to think how that would work. You could redirect, and then callback with an access token. You wouldn’t know what the token was though, right? I guess if it was authenticated, you could just give access to the page.

Or rather, you would send it your public key, and it would send back your private key? Then you could validate the private key at the agent?

Looks very impressive, but I’m all new to this (Twitter dev). How do I use it?

@DolfTraanberg - I’m not 100% sure yet :slight_smile:

If you run this code, it basically provides a couple webpages that let you log using via Twitter (Oauth.io also easily enables you to use any number of other OAuth providers as well).

Logging in essentially provides the user’s access token, which allows you to do things on their behalf (tweet, read their feed, direct messages, etc).

You could also use the returned token as a general user token to identify the current user and tie it to a user account to save preferences, etc. This would allow a user to “log in” to something like a coffee machine, and have it automagically load their preferences, etc.

This code is really just the first step - I’m going to play around with this example some more - and I encourage other people to as well :slight_smile:

I’m trying to set up a Google OAuth. I can successfully test it on OAuth.io, but I get
"Domain name does not match any registered domain on oauth.io" when I attempt to authenticate. I have agent.electricimp.com and electricimp.com listed under domains.

Ok, I think I solved that. I had to put “https://agent.electricimp.com/” under Domains available.

Now getting Error, something went wrong, and then it pops me back to the login page.