Skip to content

Authentication

linvi edited this page Jun 6, 2015 · 37 revisions

Overview

Twitter allows developers to authenticate users against their application credentials. The API gives access to 2 different mechanisms that we will name URL redirect authentication and PIN based authentication.

IMPORTANT : If you are using authentication on a website please read the Web Application Considerations!

PIN Based Authentication

The PIN based authentication process is quite simple.

  1. Request Twitter to provide a unique URL that enables a user to authenticate and retrieve a captcha.
  2. Ask the user to go to this URL.
  3. Twitter will ask the user to authenticate and accept the permissions requested by your Twitter application.
  4. If the user accepts, Twitter generates a PIN Code and give it to the user.
  5. With this code, Twitter can now issue a new OAuth Token available from a WebRequest.

Now let's see how Tweetinvi simplifies this process.

// Store the application only credentials into a variable
var applicationCredentials = CredentialsCreator.GenerateApplicationCredentials(consumerKey, consumerSecret);

// Get the URL that the user needs to visit to accept your application
var url = CredentialsCreator.GetAuthorizationURL(applicationCredentials);

// Implement your own method to request the PIN Code from the User
var pinCode = RequestThePinCodeToTheUser();

// Let Tweetinvi generates the credentials based on the given PIN Code
var userCredentials = CredentialsCreator.GetCredentialsFromVerifierCode(pinCode, applicationCredentials);

URL Redirect Authentication

The Redirect URL authentication process is also quite a straightforward process.

  1. Request Twitter to provide a unique URL that enables a user to authenticate and redirect to a specific URL.
  2. Ask the user to go to this URL.
  3. Twitter will ask the user to authenticate and accept the permissions requested by your Twitter application.
  4. If the user accepts, Twitter will redirect the user to the specified URL and provide some credentials information as URL parameters.
  5. With these information, Twitter can now issue a new OAuth Token available from a WebRequest.

Now let's see how Tweetinvi simplifies this process.

  • In a first time we need the user to be redirected to Twitter authentication URL.
// Store the application only credentials into a variable
var applicationCredentials = CredentialsCreator.GenerateApplicationCredentials(consumerKey, consumerSecret);

// Get the URL that the user needs to visit to accept your application
var url = CredentialsCreator.GetAuthorizationURLForCallback(applicationCredentials, "https://mywebsite.com/twitter_auth");
  • In a second time we need to get the information back from Twitter. You will need to create a route in your controller to listen to /twitter_auth. In the route handler you can use the following code.
// The callbackURL parameter is the entire URL that you controller received
// The URL will be parsed and used to generate the user credentials.
var newCredentials = CredentialsCreator.GetCredentialsFromCallbackURL(callbackURL, applicationCredentials);

After being authenticated, Twitter will redirect the user to a URL with the following format : https://mywebsite.com/twitter_auth?oauth_token={token}&oauth_verifier={verifier}.

As you can see Twitter will provide 2 parameters in the query, oauth_token and oauth_verifier. Please do not use any of these parameters in your callbackURL.

Web Application Considerations

If you write web application it is important that you understand how the applicationCredentials are used and updated by Tweetinvi.

When calling GetAuthorizationURLForCallback, Tweetinvi makes a WebRequest to Twitter which returns various information and more importantly the following:

  • The Authentication URL
  • A key that Tweetinvi stores in the AuthorizationKey property.
  • A key that Tweetinvi stores in the AuthorizationSecret property.

Behind the scene Tweetinvi stores these information within the applicationCredentials. During the second part of the process Tweetinvi will use these 2 keys to generate the credentials.

As a result, after being redirected you need to ensure that these 2 information are preserved. When calling the method GetCredentialsFromCallbackURL, you need to make sure that these 2 information are the same as they were after the call to GetAuthorizationURLForCallback.

Localhost issue

You can encounter issues if you attempt to use localhost as the redirect URL. If you encounter such issue please try using http:127.0.0.1 instead.

Clone this wiki locally