问题描述

我有一个演示脚本，可以让我对我的应用程序进行授权并发回我的令牌.但这令人困惑.

I have got a demo script that lets me authorize with my app and sends back my token. But this is confusing.

我一直在我的 CURL 或 simpleXML 函数中使用用户名和密码来授权 API 调用.我不明白这与 oauth 有何关系.

I have always used username and password in my CURL or simpleXML functions to authorize the API call. I don't understand how this relates to oauth.

我知道我将存储令牌，但是一旦拥有它我该怎么办?我在网上找到的一切都不是很清楚，它假设我是斯蒂芬霍克并且已经知道他们谈论的内容的 9/10.

I get that I will store the token, but what do I do with it once i have it? Nothing I've found online is clear and it makes the assumption that I'm stephen hawking and already know 9/10ths of what they are talking about.

帮助我从在 http 地址中使用用户名和密码转变为使用我的 oauth 令牌.

Help me go from using username and password in the http address, to using my oauth token instead.

推荐答案

头脑正常的人不应将他们的 Twitter 密码信任给您的 Web 应用程序，因此您的应用程序无法代表他们访问 Twitter.OAuth 是一种解决此问题的方法，它允许用户在您不知道密码的情况下有选择地将您的应用程序访问权限授予他们的 Twitter 帐户.这样一来，密码仍然是仅在用户和 Twitter 之间共享的凭据，不会有不受信任的第三方(您).

Nobody in their right mind should trust their Twitter password to your web application so your application is unable to access Twitter on their behalf. OAuth is a way around this by letting the user selectively grant access for your application to their Twitter account without you knowing the password. That way, the password remains a credential only shared between the user and Twitter and no untrusted third party (you).

这就是废话的原因.

That’s what’s up with that crap.

这篇关于Twitter 的 OAuth 系统如何工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！