Coding the Tweet, Redux
Saturday, July 18, 2009   

A few months ago we built a simple Twitter desktop client with oAuth support using C# and .NET.

Since then, there have been some breaking changes in the Twitter oAuth implementation, including a new PIN-based authorization mechanism for desktop Twitter clients. If you've been getting 401 Unauthorized errors, this is probably why.

So I updated the Coding the Tweet generic Twitter application and the accompanying source code to support the PIN-based paradigm. The changes were minor:

  • Modify the GUI to prompt for and accept the user's PIN.
  • Pass the user's PIN to the oauth/access_token endpoint via the oauth_verifier parameter.

Some Twitter developers have complained that these changes (the changes to the Twitter API) break existing code, and I agree, it's always fun to rant about the people who write APIs for public consumption...always...but honestly the only difference here (for desktop Twitter anyway) is that the user PIN, once collected, needs to be packaged along in the call to oauth/access_token:

http://twitter.com/oauth/access_token?param1=blah&param2=blah&param3=blah&oauth_verifier=[user's PIN]

This only needs to happen once. Otherwise the workflow for user-authorizing a desktop Twitter application looks pretty much like it always has.

  1. The developer registers a custom application on Twitter and receives a Consumer Key and Consumer Secret.
  2. The user runs the Twitter client for the first time.
  3. The Twitter client calls http://twitter.com/oauth/request_token to retrieve a token.
  4. The Twitter clients calls http://twitter.com/oauth/authorize, passing the token returned in step 3. The API returns the URL of the user's authorization page on Twitter.
  5. The Twitter client spawns a browser and navigates to the user's authorization page.
  6. The user is given a PIN.
  7. The user enters the PIN in the Twitter client.
  8. The Twitter client calls http://twitter.com/oauth/access_token (passing the PIN along) to request a full-fledged access token.
  9. The Twitter client uses that access token in subsequent requests.

The code is still using Eran Sandler and Shannon Whitley's oAuth/Twitter library but with additional changes to support the new PIN mechanism. If you have visions of .NET Twitter clients dancing through your head, save yourself some typing and use this library or something like it.

Otherwise the non-programmers out there can still download the Coding the Tweet application and copy/paste their Consumer Keys, Consumer Secrets, and (when prompted) their PINs via the Settings dialog. No coding required.

Questions? Bugs? You know what to do...


Posted by James Devlin   14 comment(s)

cool. i was working on this, the pin/oauth stuff, last night. working from the older version of the oauth c# code, had a hell of a time refactoring that code to allow for this to happen cleanly. curious to see how you did it... will look at it tonight.

by the way why is this thing compiling against .net3.5?

Anonymous on 7/18/2009 9:42 AM (234 days ago)

love these hobby projects Smile

Anonymous on 7/18/2009 2:57 PM (234 days ago)

You should add this post and the other to the Twitter API Wiki. There's only one .NET app there and it's not explained in detail.

http://apiwiki.twitter.com/OAuth-Examples

Darryl on 7/18/2009 5:44 PM (234 days ago)

Good work, James.

In reference to Darry's comment: the Twitter API Wiki is NOT updateable and getting any new information into it is almost impossible. Completely defeats the purpose of having a wiki....but Twitter is nothing if not a little arrogant

twitterfan on 7/18/2009 8:03 PM (233 days ago)

For those that haven't seen it yet, some Twitter documents were leaked to Tech Crunch who published them without permission because Michael Arrington's ego is large enough to have its own gravitational field:

www.techcrunch.com/.../


JeremyX on 7/19/2009 7:07 AM (233 days ago)

James I looked at the code for the original post, and I thought then what I still think now: the oAuth classes are a mess. I realize you didn't author those classes, and they're easy enough to use. But I find the code has the flavor of spaghetti. Are there any alternative oAuth wrappers for .NET?

Anybody?

Dean S. on 7/19/2009 10:54 AM (233 days ago)

The oAuth C# wrapper at:

oauth.googlecode.com/svn/code/csharp/OAuthBase.cs

Is state the art. For this, is the same code used in the wrapper above.

Rammohan V. on 7/19/2009 4:56 PM (233 days ago)

After reading this and your other post.... Im gonna to start working on a Twitter client in PHP; It will be the most kick-ass Twitter client ever; it will kick your Twitter client's ass and steal its lunch money, Devlin.

I've been LOOKING for a pet project. So thanks anyway for implanting the idea in my head.

Anonymous on 7/20/2009 2:08 AM (232 days ago)

what has happened to full titl poker? the detour on the exttextout does not work! I see only string with lenght=1!

thanks

Anonymous on 7/20/2009 10:39 AM (232 days ago)

Thanks JAmes, I was able to get this working with a few additions. Is there a way to use PIN for web?

Alfred on 7/20/2009 2:20 PM (232 days ago)

>Are there any alternative oAuth wrappers for .NET?

There are a ton of Twitter wrappers. Not sure about full-fledged oAuth wrappers. The latest I've been playing around with is a LINQ to Twitter adapter: http://linqtotwitter.codeplex.com/.

>what has happened to full tilt poker?

They upgraded to a QT-driven GUI !

James Devlin on 7/21/2009 8:21 AM (231 days ago)

I found an obb=pin parameter that can be passed in...not able to get this working with a web app.

Alfred on 7/21/2009 7:45 PM (230 days ago)

I was reading this article on StackOverflow about how to streamline the whole PIN collection/website callback process and I was wondering...can't a desktop Twitter client send out an HTTP request to the page containing the PIN and scrape the PIN directly from the HTML, then plug that back into the workflow?

Would this work or not?

Anonymous on 7/23/2009 9:17 AM (229 days ago)

Your website is just amazing!!!

Tony Cano on 8/3/2009 10:49 AM (218 days ago)

Comment on this post:

Thanks for your interest in Coding the Wheel. All fields are optional.