For a new little side project I’m working on, I need a way to interact with Twitter on a user’s behalf. You know, like what OAuth is for. Until that blessed day, I’ve got django-twitterauth to keep from stealing Twitter passwords.
Your app’s Twitter user first follows the user that is trying
to authenticate. The user is then directed, by way of a hidden
<iframe>, to send a direct message to the app’s
Twitter user containing a SHA1 hex digest. Once the app verifies that
it received the direct message, the user is authenticated.
It isn’t the best flow in the world but it isn’t the worst, either. I hope my Django n00b-iness isn’t shining too bright.
Once again, django-twitterauth on GitHub.