Eclipsed4utoo's Blog

I made a post almost 3 months ago about a .Net Twitter API that I had done.  Since then, I have made some modifications to the API.  I have added a couple of more features.  I also included various classes from the System.Web namespace so that I wouldn’t need a reference to that namespace.  This allows the API to be used on a mobile device with a very small footprint(the System.Web.dll file is 5MB in size, my .dll is 52KB).

I am missing a few features from my API.  Most notably the new “Retweet” functionality and the “Lists” functionality.  I am also missing some of the account methods.  Other than that, I believe I have most, if not all, of the other methods.

This API supports both Basic Auth and OAuth.  I would advise to use OAuth, since Twitter will be depreciating Basic Auth in June 2010.  To learn more about how OAuth works, check out my other blog post where I try to explain OAuth.

Remember that this API is for the Desktop OAuth only.  Feel free to download it and make changes to allow OAuth from a web application(yes, they are different “workflows”).   Basic Auth should work for both Desktop and Web applications.

I give credit to Shannon Whitley for his original OAuth code.  I made some modifications to it, but the base code of the OAuth is his.

Here is a code snippet on using the API for OAuth authorization.

// creats instance and sets Consumer and ConsumerSecret values
TwitEclipseAPI twit = new TwitEclipseAPI();
twit.OAuthConsumerKey = "yourConsumerKey";
twit.OAuthConsumerSecret = "yourConsumerSecret";

// makes request to get unauthorized request token
// The method will concatenate the request token to Twitter's Desktop OAuth
//    url (http://twitter.com/oauth/authorize)
string url = twit.OAuthGetUnauthorizedRequestToken();

// opens the user's default browser and browses to Twitter's OAuth page
Process.Start(url);

//  You will need to get the PIN from the user
//  I just created a popup and have the user enter the PIN
//       into a textbox in the popup
frmPinPopup popup = new frmPinPopup();
popup.ShowDialog();

string PIN = popup.PIN;
popup.Dispose();

// Gets the Token and TokenSecret that will be needed for all
//   subsequent requests.  You will need to save these values to keep
//   from forcing the user to authorize your application everytime they
//   open your application.
twit.OAuthRequestAccessToken(PIN);

// You can check for success by checking the OAuthAccessToken
//    and OAuthAccessTokenSecret values.  If they are populated, then
//    it was successful.  If they are empty, then it failed.
if (!string.IsNullOrEmpty(twit.OAuthAccessToken) && !string.IsNullOrEmpty(twit.OAuthAccessTokenSecret))
{
    MessageBox.Show("Authorization Successful");
}

Each method of the API will check the OAuthAccessToken and OAuthAccessTokenSecret values to determine whether it needs to do the request using OAuth or Basic Auth.

I have put the code on CodePlex.  It will contain both the .dll file, and the source code.  I felt it was easier to keep up with using CodePlex.

If you have code questions, you can post here.  However, if you are on Google Wave, you can go here.  If you would like Google Wave, I have about 20 invitations that I can send out.  Using Google Wave would be much better since we could exchange code using a code snippet tool.

I have released a BETA version of my Twitter Desktop Client called TwitEclipse.  I have been writing a Twitter API library in .Net for a while now, and figured I might as well write a desktop client also.

The client uses .Net 3.5 SP1 and WPF.  It was a great learning experience to learn WPF since I had almost no previous experience with it.

If you want to download it and test it out, you can download it from here.  Remember that it is a BETA.  You could run into issues.  If you do, be sure to let me know so I can fix them.  I will also be adding additional features to the app once I get a chance.

I will be releasing my Twitter API library soon also.

I recent finished the implementation of OAuth into my .Net Twitter library.  I can safely say that it was a pain in the ass.  I have never been so frustrated by “(401) Unauthorized” errors.  But alas, I was able to complete the implementation.

As a guideline, I used Shannon Whitley’s code, since that’s the only .Net reference Twitter gives for OAuth implementation.  Since I had already created my own Twitter library that consumed 95% of the current Twitter REST API methods, I couldn’t simply add his two code files to my project and run with it.  I had to change some stuff around to get it to work with mine.  I also made some modifications to his class that makes all of the OAuth implementations.  In my opinion, it had a lot of code that didn’t need to be there.  I also created another class to consume the parameters needed for the OAuth requests so that I wasn’t passing 9 parameters to different methods.

So first, I want to explain OAuth a little and how it works for a desktop Twitter client.  I stress desktop application because Twitter has different implementations for web clients vs. desktop clients.

So OAuth is an open protocol to allow secure authorization to an API.  This means that for Twitter, the user’s of a desktop client aren’t required to give their username and password to the client.  The client can use OAuth to communicate with with the Twitter API without needing usernames and passwords.

Now for the process.  This was the toughest part for me to get my head around.  I couldn’t really find any good explanations of each step of the process.  So I will explain as much as I can.

Your first step is to register your application with Twitter.  This does a couple of things.  It gives you a “Consumer Key” and “Consumer Secret”.  These are needed in each OAuth request that is made.  This also provides the “source” for the tweets.  Twitter recently removed the ability to set the “source” of the tweet to your application name when using Basic Authentication.  This is now only allowed when using OAuth.

When making requests to OAuth methods, there are a number of parameters that are required for all requests.  And depending on the request, some may be expecting additional parameters.  The required parameters for all requests are:

1.  Consumer Key – given when you register your application.
2.  Nonce – a random string.  I use a GUID.  Some use a random number.
3.  Timestamp – the number of seconds since January 1, 1970.
4.  Signature – an HMAC-SHA1 string of all of the other parameters.
5.  Signature Method – HMAC-SHA1.  Currently Twitter only supports HMAC-SHA1.
6.  Token – unauthorized/request/access token.
7.  Verifier – the PIN from the Desktop Workflow
8.  Version – “1.0″

When creating the signature, you will use the Consumer Secret and Token Secret as the key.  Also, the parameters that are part of the signature need to be in order when creating the signature and when making the request.  The signature is appended to the end of the parameters so it does not need to be in order.

Here is the order that the parameters need to be in:

1.  oauth_consumer_key
2.  oauth_nonce
3.  oauth_signature_method
4.  oauth_timestamp
5.  oauth_token
6.  oauth_verifier
7.  oauth_version
8.  oauth_signature

To make the signature, you would use this code:

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(oauth.CustomerSecret), string.IsNullOrEmpty(oauth.TokenSecret) ? "" : UrlEncode(oauth.TokenSecret)));
// code to compute the hash to return as the signature

Moving to the code, your first step is to send an HttpWebRequest to http://twitter.com/oauth/request_token .  This request will return an Unauthorized Token and Unauthorized Token Secret.  In the current library that I used(and my Twitter API library), this method will return the entire URL including the token and secret, which will look like this…

http://twitter.com/oauth/authorize?oauth_token=UnauthorizedTokenValue

Your next step is to have the user go to the URL that was returned from the previous step.  This is the step that many developers have complained about.  When navigating to this URL, the user will enter their username and password.  They will then be given a PIN.  You will need to get this PIN from the user because it is required for you to get an Access Token.  I simply give a textbox for the user to copy and paste to.

After receiving the PIN, you will now need to make a request to http://twitter.com/oauth/access_token .  This will give you the Access Token that you will need to make all other requests to the Twitter REST API.  You will need to save these somewhere, whether it be in a database or in a file.

Here is some client code..

TwitEclipseAPI twit = new TwitEclipseAPI();
twit.OAuthConsumerKey = ""; // your consumer key
twit.OAuthConsumerSecret = ""; // your consumer secret

// Once you get the access token, this
//    would be out to set it
//twit.OAuthAccessToken = "";
//twit.OAuthAccessTokenSecret = "";

string redirectURL = twit.OAuthGetUnauthorizedRequestToken();
Process.Start(redirectURL);

// show a popup to enter PIN
frmEnterPIN f = new frmEnterPIN();
f.ShowDialog();
string pin = f.PIN;
f.Dispose();

if (twit.OAuthRequestAccessToken(pin))
{
   twit.UpdateUserStatus("This is a test");
}

I have posted a link to the code files for my library and how it uses the edited version of Shannon’s library.

Post any questions in the comments.  I will answer them as best I can.  If  you run into any issues, please let me know.  Thanks.

UPDATE: I have update the site with a new version of my twitter library.  I have also moved the download to CodePlex so that it will be easier for me to update.  Here is the link.