Coding the Tweet, Redux

A few months ago we built a simple Twitter desktop client with oAuth support using C# and .NET.

Since then, there have been some breaking changes in the Twitter oAuth implementation, including a new PIN-based authorization mechanism for desktop Twitter clients. If you’ve been getting 401 Unauthorized errors, this is probably why.

So I updated the Coding the Tweet generic Twitter application and the accompanying source code to support the PIN-based paradigm. The changes were minor:

  • Modify the GUI to prompt for and accept the user’s PIN.
  • Pass the user’s PIN to the oauth/access_token endpoint via the oauth_verifier parameter.

Some Twitter developers have complained that these changes (the changes to the Twitter API) break existing code, and I agree, it’s always fun to rant about the people who write APIs for public consumption…always…but honestly the only difference here (for desktop Twitter anyway) is that the user PIN, once collected, needs to be packaged along in the call to oauth/access_token:

http://twitter.com/oauth/access_token?param1=blah&param2=blah&param3=blah&oauth_verifier=[user's PIN]

This only needs to happen once. Otherwise the workflow for user-authorizing a desktop Twitter application looks pretty much like it always has.

  1. The developer registers a custom application on Twitter and receives a Consumer Key and Consumer Secret.
  2. The user runs the Twitter client for the first time.
  3. The Twitter client calls http://twitter.com/oauth/request_token to retrieve a token.
  4. The Twitter clients calls http://twitter.com/oauth/authorize, passing the token returned in step 3. The API returns the URL of the user’s authorization page on Twitter.
  5. The Twitter client spawns a browser and navigates to the user’s authorization page.
  6. The user is given a PIN.
  7. The user enters the PIN in the Twitter client.
  8. The Twitter client calls http://twitter.com/oauth/access_token (passing the PIN along) to request a full-fledged access token.
  9. The Twitter client uses that access token in subsequent requests.

The code is still using Eran Sandler and Shannon Whitley’s oAuth/Twitter library but with additional changes to support the new PIN mechanism. If you have visions of .NET Twitter clients dancing through your head, save yourself some typing and use this library or something like it.

Otherwise the non-programmers out there can still download the Coding the Tweet application and copy/paste their Consumer Keys, Consumer Secrets, and (when prompted) their PINs via the Settings dialog. No coding required.

Questions? Bugs? You know what to do…

Comments

  • Anonymous says:

    cool. i was working on this, the pin/oauth stuff, last night. working from the older version of the oauth c# code, had a hell of a time refactoring that code to allow for this to happen cleanly. curious to see how you did it… will look at it tonight.

    by the way why is this thing compiling against .net3.5?

  • Anonymous says:

    love these hobby projects :)

  • Darryl says:

    You should add this post and the other to the Twitter API Wiki. There’s only one .NET app there and it’s not explained in detail.

    http://apiwiki.twitter.com/OAuth-Examples

  • twitterfan says:

    Good work, James.

    In reference to Darry’s comment: the Twitter API Wiki is NOT updateable and getting any new information into it is almost impossible. Completely defeats the purpose of having a wiki….but Twitter is nothing if not a little arrogant

  • JeremyX says:

    For those that haven’t seen it yet, some Twitter documents were leaked to Tech Crunch who published them without permission because Michael Arrington’s ego is large enough to have its own gravitational field:

    http://www.techcrunch.com/2009/07/16/twitters-internal-strategy-laid-bare-to-be-the-pulse-of-the-planet/

  • Dean S. says:

    James I looked at the code for the original post, and I thought then what I still think now: the oAuth classes are a mess. I realize you didn’t author those classes, and they’re easy enough to use. But I find the code has the flavor of spaghetti. Are there any alternative oAuth wrappers for .NET?

    Anybody?

  • Rammohan V. says:

    The oAuth C# wrapper at:

    http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs

    Is state the art. For this, is the same code used in the wrapper above.

  • Anonymous says:

    After reading this and your other post…. Im gonna to start working on a Twitter client in PHP; It will be the most kick-ass Twitter client ever; it will kick your Twitter client’s ass and steal its lunch money, Devlin.

    I’ve been LOOKING for a pet project. So thanks anyway for implanting the idea in my head.

  • Anonymous says:

    what has happened to full titl poker? the detour on the exttextout does not work! I see only string with lenght=1!

    thanks

  • Alfred says:

    Thanks JAmes, I was able to get this working with a few additions. Is there a way to use PIN for web?

  • Coding the Wheel says:

    [i]>Are there any alternative oAuth wrappers for .NET?[/i]

    There are a ton of Twitter wrappers. Not sure about full-fledged oAuth wrappers. The latest I’ve been playing around with is a LINQ to Twitter adapter: http://linqtotwitter.codeplex.com/.

    [i]>what has happened to full tilt poker?[/i]

    They upgraded to a QT-driven GUI !

  • Alfred says:

    I found an obb=pin parameter that can be passed in…not able to get this working with a web app.

  • Anonymous says:

    I was reading [url=http://stackoverflow.com/questions/1146746/how-do-i-get-the-twitter-api-to-respect-the-callback-parameter-with-oauth]this article[/url] on StackOverflow about how to streamline the whole PIN collection/website callback process and I was wondering…can’t a desktop Twitter client send out an HTTP request to the page containing the PIN and scrape the PIN directly from the HTML, then plug that back into the workflow?

    Would this work or not?

  • Tony Cano says:

    Your website is just amazing!!!

  • Anonymous says:

    How to make this work with Unicode characters? I tried to change the HttpUtility.UrlEncode to take Encoding.UTF8 and also where ever ASCII.GetBytes is used to UTF8.GetBytes, but I still get 401 unauthorized error when I try to post my tweet containing Unicode characters.

    Can someone help me with this?

  • CTWhasAniceAPP says:

    Where does the data collected on the user’s machine get stored?

    Can this application have different profiles on the same machine?

    I like the application, thanks for creating it!

  • CTWhasAniceAPP says:

    As an answer to my question doesn’t seem to be forthcoming, I tried using different “instances” of this tool, and found that having the tool in its own folder(s) caused each “instance” to be unique. In that while using CTT in folder A (for Account A), and CTT in folder B (for Account B) worked just fine!

    Still wondering where the data’s stored, but…

  • tiffany&co says:

    If you are on the enthusiasm for tiffany Coupon ergo considering to worth the discount, hence you fault finish palpable in that contrasted methods. The tiffany outlet are rule trend these days since of the pertinent habit of these tiffany&co.
    http://www.tiffanycooutlet.com

  • tiffany&co says:

    tiffany&co
    If you are on the enthusiasm for Coupon ergo tiffany&co considering to worth the discount, hence you fault finish palpable in tiffanycooutlet that contrasted methods. The are rule trend tiffany rings these days since of the tiffany jewellery pertinent habit of these.
    http://www.tiffanycooutlet.com

  • surefire led says:

    Your blog provided us with valuable information to work with. Each & every tips of your post are awesome. Thanks a lot for sharing. Keep blogging.surefire led

  • David Taylor says:

    There’s something I’m not getting… I pass my consumer key and secret in, and it goes to the twitter page and asks me to authorize the app. I allow the authorization, and it just redirects to my home page. Never does it display the PIN.

    For the callback URL I just put my website’s home page. Should I have provided a different URL that will display the PIN?

  • Tiffany OutletTiffany OutletTiffany OutletTiffany Outlet

  • It was an excellent effort made by you through your nice piece of writing, holding the quality and knowledge together for the readers.

  • bwood says:

    I ave tried your app and it works all the way up to sending a tweet. I get a 401 – Unauthorized error when I try to send a tweet. Any ideas?

  • Andaman & Nicobar says:

    Jaipur toursome times we ignore this sort of things & also suffer a lot as well. However we can save a lot with the assistance of these tips for example time etc.