TWITTER OAUTHAND .NET CODEMohamed Meligy
http://gurustop.net
http://twitter.com/meligy
APPLICATION REGISTRATION
A Twitter user creates a Twitter Application If the application is web based, it needs to provide a URL.
“Localhost” is not accepted as a domain for this URL
A Twitter Application gets two pieces of information Consumer Key Consumer Secret
A Twitter Application will use these in all coming requests.
INITIALIZING THE PROCESS
User comes to the application and it decides to authenticate against Twitter
Application makes a request using Consumer Key and Secret to obtain “Oauth Request Token”, which consists of two parts
Token Token Secret
Application makes authentication URL including the “Oauth Request Token” parameter, and optionally a “Call-back URL” (if different than default URL in first step)
USER AUTHENTICATION
The user is redirected to Twitter, the URL contains the “Oauth Request” to identify application authentication session
Assuming the Twitter User being logged in and authorizes the Application
If the application is a desktop application, Twitter gives the a user a number “Verifier” to manually write back to the application
If the application is a web application, the user is redirected back to the application call-back URL with a complex “Verifier” parameter in the URL
OBTAINING THE ACCESS TOKEN
The Application makes a request to Twitter including the “Oauth Request Token” and the “Verifier”
It obtains an “Access Token”, likewise it consists of two-parts:
Token Token Secret
The application needs to send the Consumer Key and Secret and Access Token in every future request that needs the Twitter User privileges
CACHING CREDENTIALS
The application needs at least one authorization process as before
The Access Token returned can be saved in session/DB/whatever and then re-used later
The application can later use the Access Token directly along with the Consumer Key / Secret to communicate with Twitter without going through any of the previous steps
SAMPLE CODETweetSharp v 2.0
REQUEST TOKEN & REDIRECT
GETTING ACCESS TOKEN
HINTS FOR WEB APPLICATIONS
The method GetAuthenticationUrl() has an overload that accepts a call-back URL for the user to be redirected to after obtaining verifer
The important part in RequestToken is the Token part, not the secret.
All parts of AccessToken are important and required When the user is redirected back from Twitter to your
application, you get the following QueryString parameters sent to you
oauth_token: The Token part of the Request Token oauth_verifier: The verifier required to obtain the Access Token later
USING CACHED ACCESS TOKEN
RELATED LINKS More Content Like This
http://gurustop.net
Twitter Developers Site http://developer.twitter.com
TweetSharp http://tweetsharp.codeplex.com OAuth Workflow
http://tweetsharp.codeplex.com/wikipage?title=OAuthWorkflow&referringTitle=Documentation
Questions / Suggestions? http://twitter.com/meligy http://gurustop.net/contact [email protected]