Question about access tokens and authJuly 8, 2020 at 5:17pm
Hey! Me again!
I dont fully understand the auth flow with Twitter for example. When i setup some rules with auth guardian and then call the auth.login('twitter) Im presented with a window which asks me to authorize the app with twitter. In the listed things that the app will be able to do it says that it will be able to change the users profile. This then leads me to believe that somewhere in this auth request is hidden the users oauth token and oauth secret, which is required to make changes to a users account/profile. Is this the case?
Ive currently pulled out my request to the twitter API to do this action into a serverless function. Im using the twitter-lite package. But im wondering if I need to go through the process again of authenticating the user in order to get the above mentioned tokens if they are already in there somewhere.
To note: ive looked in the auth object after the user logs in to twitter and ive also decoded the access token to check in there. Im probably way off here but thought i would ask just in case.
Hope all that is clear!
July 12, 2020 at 6:43pm