iphonetwitteroauthxauth

Best practice for Twitter login on iOS5 (xAuth or oAuth with Twitter Framework?)


I want to get timeline from twitter account, and I need to create the login part. I want to ask what is the best practice for that.

iOS5 twitter api doesn't let me create custom login screen, the user need to go to the setting and get back to my app manually. So, I believe I'd better to use xAuth on login screen.



1.Question

Can I still use twitter framework api on iOS5, even if I use a custom xAuth login feature using library like XAuthTwitterEngine?

initWithOAuthToken:tokenSecret: seems like the one to accomplish this.

If so, I think I can use this method with oAuth login too.


2.Question

If you don't need an access to DM, you'd still better to use xAuth, right?

I didn't understand why lots of twitter clients still use oAuth even though xAuth works better on iPhone until I found out you can't access to users DM with xAuth.

But, my app doesn't need to access DM, so I guess xAuth is the way to go.


I believe this is the good login pattern for iOS5.

Login pattern on iOS5

If users already signed in twitter account on iOS setting, it shows the account, so users don't need to login.

If users is not signed in twitter account on iOS setting, you can login within my app using xAuth like official twitter iPhone app.

MugunthKumar/RSOAuthEngine looks nice to do the above even through it doesn't support xAuth.


Solution

  • 1.Question

    It seems that you can use initWithOAuthToken:tokenSecret: on ACAccount with xAuth only. But, it's much difficult to get xAuth access from Twitter nowadays.

    2.Question

    If I use oAuth and let users to login via safari, users don't need to give their account information to developers. This is more secure for users, and developers don't need to have a burden for important login information of users.

    In terms of this security point, it looks like that using iOS5 twitter login account on IOS settings is best option. But, unfortunately you can't let users to jump to settings of iOS from iOS5.1 unless you show the tweet screen.

    Conclusion

    Since my app supports only iOS5 or higher, and letting users to jump to iOS settings is not a bad idea for security reason instead of creating xAuth login screen within my app or oAuth inside on UIWebview, I ended up letting users to jump to iOS5 settings on login.

    Check out the way to do that here. https://stackoverflow.com/a/11267414/743663