A few months ago we built a simple Twitter desktop client with oAuth support using C# and .NET.

Since then, there have been some breaking changes in the Twitter oAuth implementation, including a new PIN-based authorization mechanism for desktop Twitter clients. If you’ve been getting 401 Unauthorized errors, this is probably why.

So I updated the Coding the Tweet generic Twitter application and the accompanying source code to support the PIN-based paradigm. The changes were minor:

  • Modify the GUI to prompt for and accept the user’s PIN.
  • Pass the user’s PIN to the oauth/access_token endpoint via the oauth_verifier parameter.

Some Twitter developers have complained that these changes (the changes to the Twitter API) break existing code, and I agree, it’s always fun to rant about the people who write APIs for public consumption—always—but honestly the only difference here (for desktop Twitter anyway) is that the user PIN, once collected, needs to be packaged along in the call to oauth/access_token:

http://twitter.com/oauth/access_token?param1=blah&param2=blah&param3=blah&oauth_verifier=[user PIN]

This only needs to happen once. Otherwise the workflow for user-authorizing a desktop Twitter application looks pretty much like it always has.

  1. The developer registers a custom application on Twitter and receives a Consumer Key and Consumer Secret.
  2. The user runs the Twitter client for the first time.
  3. The Twitter client calls http://twitter.com/oauth/request_token to retrieve a token.
  4. The Twitter clients calls http://twitter.com/oauth/authorize, passing the token returned in step 3. The API returns the URL of the user’s authorization page on Twitter.
  5. The Twitter client spawns a browser and navigates to the user’s authorization page.
  6. The user is given a PIN.
  7. The user enters the PIN in the Twitter client.
  8. The Twitter client calls http://twitter.com/oauth/access_token (passing the PIN along) to request a full-fledged access token.
  9. The Twitter client uses that access token in subsequent requests.

The code is still using Eran Sandler and Shannon Whitley’s oAuth/Twitter library but with additional changes to support the new PIN mechanism. If you have visions of .NET Twitter clients dancing through your head, save yourself some typing and use this library or something like it.

Otherwise the non-programmers out there can still download the Coding the Tweet application and copy/paste their Consumer Keys, Consumer Secrets, and (when prompted) their PINs via the Settings dialog. No coding required.

Questions? Bugs? You know what to do—