I have been researching the same thing for a few days.
I believe omniauth-twitter does not work with Twitter reverse authentication.
I think the solution is to send the oauth_token and oauth_token_secret you received from the reverse authentication process on iOS, to a custom endpoint in your application.
Note, I am in the process of implementing this myself; it should work, but it's not tested yet.
There you would use the Twitter API to verify the credentials. This is the actual authentication step from the Rails app's perspective. Something like this (untested code):
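```ruby
require 'oauth'
require 'multi_json'

# The consumer identifies your Twitter app; key and secret stay server-side.
consumer = OAuth::Consumer.new(TWITTER_APP_ID,
                               TWITTER_APP_SECRET,
                               { site: 'https://api.twitter.com' })
# Wrap the token pair the iOS client sent to your endpoint.
access_token = ::OAuth::AccessToken.new(consumer,
                                        params[:oauth_token],
                                        params[:oauth_token_secret])
# Ask Twitter which account these credentials belong to, then parse the JSON body.
response = access_token.get('/1.1/account/verify_credentials.json?include_entities=false&skip_status=true')
user_info = MultiJson.load(response.body)
```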
(This is the same thing that the omniauth-twitter gem does after it gets the access token)
So from here on you would need to:
- Handle non-200 response from the above request
- Read the user ID from the returned hash, search your database for an existing user with an existing twitter user ID. If one exists, sign him in. If not, create a new user and sign him in.
Here's some more info:
My first idea was to hit the Twitter callback provided by omniauth-twitter directly. But in that case you would need to pass along 2 parameters: the oauth_token, which is the request token you obtain from the reverse auth on iOS, and the oauth_verifier parameter, which I have no idea how to get on iOS (using the standard web flow where the user is redirected back to your callback, this parameter is being passed from Twitter).
A downside with reverse auth seems to be that you need to embed the App secret in your application binary. It looks like a good idea to perform this step server-side (I saw the idea here: https://github.com/drudge/passport-twitter-token/#performing-twitter-reverse-auth-step-1-server-side)
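
The two follow-up steps listed in this answer (handling a non-200 response, then finding or creating the user by Twitter ID), sketched as an added example that is not part of the original answer. `sign_in_with_twitter`, `UserStore` and the `verify` callable are hypothetical names; `verify` stands in for the signed `verify_credentials` request so the block runs offline, and the profile data is constructed.

```ruby
require 'json'

# Constructed stand-in for the Rails users table, keyed by Twitter user ID.
class UserStore
  def initialize
    @by_twitter_id = {}
  end

  # Returns the existing record for this Twitter ID, or creates one.
  def find_or_create(twitter_id, screen_name)
    @by_twitter_id[twitter_id] ||= { twitter_id: twitter_id, screen_name: screen_name }
  end

  def size
    @by_twitter_id.size
  end
end

# verify: hypothetical callable that performs the signed GET to
# /1.1/account/verify_credentials.json with the submitted token pair and
# returns [http_status, body]. In the Rails app it would wrap access_token.get.
def sign_in_with_twitter(params, store, verify)
  token  = params[:oauth_token].to_s
  secret = params[:oauth_token_secret].to_s
  return { ok: false, error: :missing_token } if token.empty? || secret.empty?

  status, body = verify.call(token, secret)
  # Net::HTTP reports the status as a string, so normalise before comparing.
  # Any non-200 means Twitter did not accept the token pair.
  return { ok: false, error: :rejected_by_twitter, status: status.to_i } unless status.to_i == 200

  profile = begin
    JSON.parse(body.to_s)
  rescue JSON::ParserError
    nil
  end
  # Identity comes only from Twitter's response, never from client-supplied fields.
  twitter_id = profile.is_a?(Hash) ? profile['id_str'].to_s : ''
  return { ok: false, error: :bad_response } if twitter_id.empty?

  { ok: true, user: store.find_or_create(twitter_id, profile['screen_name']) }
end
```

Any user ID the client sends alongside the tokens is ignored; the account is selected solely from the `id_str` Twitter returns for the verified token pair.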