推特 API 身份验证
Twitter API Authentication
我正在尝试进行 iOS 开发。我正在为自己创建一个应用程序(不会发布),它被简化了,从用户那里获取查询输入并使用该查询通过 Twitter 进行搜索。
我可以使用 UIWebView,但我想改用 Twitter 的 REST API,以熟悉 API 的工作原理。但是,我无法让它工作,因为 twitter 的 API 需要身份验证(我很少理解的东西)。
身份验证是如何工作的,我可以对我自己使用的应用程序进行身份验证吗?
Twitter 用户 OAUTH2。基本上是这样的:
+--------+ +---------------+
| |--(A)- Authorization Request ->| Resource |
| | | Owner |
| |<-(B)-- Authorization Grant ---| |
| | +---------------+
| |
| | +---------------+
| |--(C)-- Authorization Grant -->| Authorization |
| Client | | Server |
| |<-(D)----- Access Token -------| |
| | +---------------+
| |
| | +---------------+
| |--(E)----- Access Token ------>| Resource |
| | | Server |
| |<-(F)--- Protected Resource ---| |
+--------+ +---------------+
Figure 1: Abstract Protocol Flow
The abstract OAuth 2.0 flow illustrated in Figure 1 describes the
interaction between the four roles and includes the following steps:
(A) The client requests authorization from the resource owner.
The
authorization request can be made directly to the resource owner
(as shown), or preferably indirectly via the authorization
server as an intermediary.
(B) The client receives an authorization grant, which is a
credential representing the resource owner's authorization,
expressed using one of four grant types defined in this
specification or using an extension grant type. The
authorization grant type depends on the method used by the
client to request authorization and the types supported by the
authorization server.
(C) The client requests an access token by authenticating with the
authorization server and presenting the authorization grant.
(D) The authorization server authenticates the client and
validates
the authorization grant, and if valid, issues an access token.
以上摘自spec
请通读this . There are already sample code in various languages there. And here is a sample code for iphone/ipad
我正在尝试进行 iOS 开发。我正在为自己创建一个应用程序(不会发布),它被简化了,从用户那里获取查询输入并使用该查询通过 Twitter 进行搜索。
我可以使用 UIWebView,但我想改用 Twitter 的 REST API,以熟悉 API 的工作原理。但是,我无法让它工作,因为 twitter 的 API 需要身份验证(我很少理解的东西)。
身份验证是如何工作的,我可以对我自己使用的应用程序进行身份验证吗?
Twitter 用户 OAUTH2。基本上是这样的:
+--------+ +---------------+
| |--(A)- Authorization Request ->| Resource |
| | | Owner |
| |<-(B)-- Authorization Grant ---| |
| | +---------------+
| |
| | +---------------+
| |--(C)-- Authorization Grant -->| Authorization |
| Client | | Server |
| |<-(D)----- Access Token -------| |
| | +---------------+
| |
| | +---------------+
| |--(E)----- Access Token ------>| Resource |
| | | Server |
| |<-(F)--- Protected Resource ---| |
+--------+ +---------------+
Figure 1: Abstract Protocol Flow
The abstract OAuth 2.0 flow illustrated in Figure 1 describes the
interaction between the four roles and includes the following steps:(A) The client requests authorization from the resource owner. The authorization request can be made directly to the resource owner (as shown), or preferably indirectly via the authorization server as an intermediary.
(B) The client receives an authorization grant, which is a credential representing the resource owner's authorization, expressed using one of four grant types defined in this specification or using an extension grant type. The authorization grant type depends on the method used by the client to request authorization and the types supported by the authorization server.
(C) The client requests an access token by authenticating with the authorization server and presenting the authorization grant.
(D) The authorization server authenticates the client and validates the authorization grant, and if valid, issues an access token.
以上摘自spec
请通读this . There are already sample code in various languages there. And here is a sample code for iphone/ipad