Authenticate user with twitter login

StackOverflower picture StackOverflower · Jan 27, 2011 · Viewed 16k times · Source

I wonder of someone know a working sample of logging in using Twitter (OAuth) for .NET

I'm currently using this one http://www.voiceoftech.com/swhitley/?p=681

but it only works if I set the callback url to "oob", if I set a real callback url I get "401 unauthorized".

Thanks!

Answer

Cheeso picture Cheeso · Feb 27, 2011

I wrote an OAuth manager for this, because the existing options were too complicated.

OAuth with Verification in .NET

The class focuses on OAuth, and works specifically with Twitter. This is not a class that exposes a ton of methods for the entire surface of Twitter's web API. It is just OAuth. If you want to update status on Twitter, this class exposes no "UpdateStatus" method. I figured it's a simple matter for app designers to construct the HTTP message they want to send. In other words the HTTP message is the API. But the OAuth stuff can get a little complicated, so that deserves an API, which is what the OAuth class is.

Here's example code to request a "request token":

var oauth = new OAuth.Manager();
oauth["consumer_key"] = MY_APP_SPECIFIC_CONSUMER_KEY;
oauth["consumer_secret"] = MY_APP_SPECIFIC_CONSUMER_SECRET;    
oauth.AcquireRequestToken(SERVICE_SPECIFIC_REQUEST_TOKEN_URL, "POST");

THAT'S IT. In Twitter, the service-specific URL for requesting tokens is "https://api.twitter.com/oauth/request_token".

Once you get the request token, you pop the web browser UI in which the user will explicitly grant approval to your app, to access Twitter. You need to do this once, the first time the app runs. Do this in an embedded WebBrowser control, with code like so:

var url = SERVICE_SPECIFIC_AUTHORIZE_URL_STUB + oauth["token"];
webBrowser1.Url = new Uri(url);

For Twitter, the URL for this is "https://api.twitter.com/oauth/authorize?oauth_token=" with the oauth_token appended.

Grab the pin from the web browser UI, via some HTML screen scraping. Then request an "access token":

oauth.AcquireAccessToken(URL_ACCESS_TOKEN,
                         "POST",
                         pin);

For Twitter, that URL is "https://api.twitter.com/oauth/access_token".

You don't need to explicitly handle the access token; the OAuthManager class maintains it in state for you. But the token and secret are available in oauth["token"] and oauth["token_secret"], in case you want to write them off to permanent storage. To make requests with that access token, generate the authz header like this:

var authzHeader = oauth.GenerateAuthzHeader(url, "POST");

...where url is the resource endpoint. To update the user's status on Twitter, it would be "http://api.twitter.com/1/statuses/update.xml?status=Hello".

Then set the resulting string into the HTTP Header named Authorization, and send out the HTTP request to the url.

In subsequent runs, when you already have the access token and secret, you can instantiate the OAuth.Manager like this:

var oauth = new OAuth.Manager();
oauth["consumer_key"] = MY_APP_SPECIFIC_CONSUMER_KEY;
oauth["consumer_secret"] = MY_APP_SPECIFIC_CONSUMER_SECRET;
oauth["token"] = your_stored_access_token;
oauth["token_secret"] = your_stored_access_secret;

Then just generate the authz header, and make your requests as described above.

Download the DLL
View the Documentation