GuruStop.NET (@Meligy)

This is a PowerPoint Presentation (and extraction of the contents) I made as per a couple of friends’ request (@EmadAshi and @AmrEldib) to show how OAuth works along with Twitter and how easy it is to cache OAuth credentials.

As I was doing related work for TweetToEmail. I felt a PowerPoint presentation will be even better than a blog post for this one, but here you get the two.

The Presentation

The Contents

Application Registration

• A Twitter user creates a Twitter Application
  • If the application is web based, it needs to provide a URL. “Localhost” is not accepted as a domain for this URL
• A Twitter Application gets two pieces of information
• Consumer Key
• Consumer Secret
• A Twitter Application will use these in all coming requests.

Initializing The Process

• User comes to the application and it decides to authenticate against Twitter
• Application makes a request using Consumer Key and Secret to obtain “Oauth Request Token”, which consists of two parts
  • Token
  • Token Secret
• Application makes authentication URL including the “Oauth Request Token” parameter, and optionally a “Call-back URL” (if different than default URL in first step)

User Authentication

• The user is redirected to Twitter, the URL contains the “Oauth Request” to identify application authentication session
• Assuming the Twitter User being logged in and authorizes the Application
  • If the application is a desktop application, Twitter gives the a user a number “Verifier” to manually write back to the application
  • If the application is a web application, the user is redirected back to the application call-back URL with a complex “Verifier” parameter in the URL

Obtaining the Access Token

• The Application makes a request to Twitter including the “Oauth Request Token” and the “Verifier”
• It obtains an “Access Token”, likewise it consists of two-parts:
  • Token
  • Token Secret
• The application needs to send the Consumer Key and Secret and Access Token in every future request that needs the Twitter User privileges

Caching Credentials

• The application needs at least one authorization process as before
• The Access Token returned can be saved in session/DB/whatever and then re-used later
• The application can later use the Access Token directly along with the Consumer Key / Secret to communicate with Twitter without going through any of the previous steps

Sample Code (TweetSharp v 2.0)

Request Token & Redirect

Getting Access Token

Hints for Web Applications

• The method GetAuthenticationUrl() has an overload that accepts a call-back URL for the user to be redirected to after obtaining verifer
• The important part in RequestToken is the Token part, not the secret.
• All parts of AccessToken are important and required
• When the user is redirected back from Twitter to your application, you get the following QueryString parameters sent to you
  • oauth_token: The Token part of the Request Token
  • oauth_verifier: The verifier required to obtain the Access Token later

Using Cached Access Token

Related Links

• More Content Like This
  • http://gurustop.net
• Twitter Developers Site
  • http://developer.twitter.com
• TweetSharp
  • http://tweetsharp.codeplex.com
  • OAuth Workflow
    • http://tweetsharp.codeplex.com/wikipage?title=OAuthWorkflow&referringTitle=Documentation
• Questions / Suggestions?
• • http://twitter.com/meligy
  • http://gurustop.net/contact
  • eng.meligy@gmail.com

Now that we're done, let me know if you click one of these offers and find it interesting :-)

Related posts:

1. I changed my twitter username to @Meligy
   Yesterday I changed my twitter username from @Mohamed_Meligy to just...
2. The Easiest Way To Write Async Code – Reading #FunnelWeblog Code
   This one is a Back-To-Basics style post. Last month, I...
3. MSDN Code Gallery – New Code Sample Sharing Area from Microsoft
   Microsoft has recently opened a new sub-site of MSDN, MSDN...