For those who are familiar with Facebook Connect, Twitter has a similar service. It’s called Twitter OAuth. Unlike other Twitter applications, those that use Twitter OAuth do not ask for the user’s password. This is a plus for user privacy and inspires confidence when a new visitor wants to use your app. Personally, I am reluctant to provide my login and password to some website I stumbled upon but that I have never heard of. So when I developed The Tweet Watch, I used Twitter OAuth. You can take a look at it to see how Twitter OAuth works with ASP.NET MVC. In this article, I’ll show a simple way to connect your ASP.NET MVC app to Twitter OAuth.
Before starting, make your life easier: get one of the OAuth .NET libraries or classes and add it to your project. You will avoid a lot of headaches dealing with the ‘HttpWebRequest’ class and interoperability issues with different sites. There are a lot of them out there, so you need to find one that suits your needs. I’m not going to recommend one, since changes to Twitter’s own implementation of OAuth could break how a .NET library works. Also, don’t forget that you will have to provide your Twitter application’s public and secret keys to the classes or the library. Nevertheless, if you’re mad about doing everything yourself, the Twitter OAuth process is explained well enough in this article for you to be able to do so.
First, create a new controller and call it Twitter. Of course you can give it any other name, and you don’t even have to create a new controller if you don’t want to. In this example we will suppose that a new controller is created, as I find that things are cleaner this way. In this controller, create a new action called ‘CallBack’ (the Twitter server will request this action after the user has authorized your application to perform status updates).
Second, in the Index function of your new controller, initiate the authorization process by requesting ‘http://twitter.com/oauth/request_token’. The Twitter server will respond with an OAuth Token. If you are using an OAuth .NET library, you might have a function that covers this as well as the next step in one single call (skip the next step if that is your case).
Third, you will have to extract the OAuth Token from the previous response and request ‘http://twitter.com/oauth/authorize?oauth_token=The_OAuth_Token’, where The_OAuth_Token is the extracted token. You might have to add the URL of your callback action, which makes the request look something like this: ‘http://twitter.com/oauth/authorize?oauth_token=The_OAuth_Token&oauth_callback=URL_To_Your_CallBack’. This will get you to the point where the user is shown the Twitter authorization page. After the user has authenticated and allowed your Twitter App to perform status updates, Twitter will call the ‘CallBack’ action (which is the URL_To_Your_CallBack).
Fourth, in your ‘CallBack’ action, you will first need to make a request to ‘http://twitter.com/oauth/access_token’ to get the OAuth secret token. Again, OAuth .NET libraries should have a function for this. Once you have the secret token, request the user information from ‘http://twitter.com/account/verify_credentials.xml’, to which the Twitter server will respond with an XML answer containing user credentials.
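The four steps above as a single controller, written as an added example that is not part of the original article or of any particular OAuth library; it also checks in ‘CallBack’ that the oauth_token Twitter sends back is the one this session requested. IOAuthClient is a hypothetical stand-in for the library you picked, constructor injection and the Home/Index redirect are assumptions, and HttpStatusCodeResult requires ASP.NET MVC 3 or later.

```csharp
using System.Collections.Specialized;
using System.Web;
using System.Web.Mvc;

// Hypothetical wrapper around whichever OAuth library you chose; it signs the
// request with your application's keys and returns the raw response body.
public interface IOAuthClient
{
    string Post(string url, string token, string tokenSecret);
}

public class TwitterController : Controller
{
    private readonly IOAuthClient _oauth;
    public TwitterController(IOAuthClient oauth) { _oauth = oauth; }

    // Steps two and three: get a request token, remember it, send the user to Twitter.
    public ActionResult Index()
    {
        NameValueCollection r = HttpUtility.ParseQueryString(
            _oauth.Post("http://twitter.com/oauth/request_token", null, null));
        Session["RequestToken"] = r["oauth_token"];
        Session["RequestSecret"] = r["oauth_token_secret"];
        string callback = Url.Action("CallBack", "Twitter", null, Request.Url.Scheme);
        return Redirect("http://twitter.com/oauth/authorize?oauth_token="
            + HttpUtility.UrlEncode(r["oauth_token"])
            + "&oauth_callback=" + HttpUtility.UrlEncode(callback));
    }

    // Step four: Twitter redirects the user here with oauth_token in the query string.
    public ActionResult CallBack(string oauth_token)
    {
        var expected = Session["RequestToken"] as string;
        // Reject callbacks that do not belong to the flow this session started.
        if (string.IsNullOrEmpty(expected) || expected != oauth_token)
            return new HttpStatusCodeResult(400, "Unexpected OAuth token");

        NameValueCollection a = HttpUtility.ParseQueryString(_oauth.Post(
            "http://twitter.com/oauth/access_token",
            expected, Session["RequestSecret"] as string));
        Session.Remove("RequestToken");   // the request token is single-use
        Session.Remove("RequestSecret");
        // Keep the access token server-side only; never echo it to the browser.
        Session["AccessToken"] = a["oauth_token"];
        Session["AccessSecret"] = a["oauth_token_secret"];
        return RedirectToAction("Index", "Home"); // assumed landing page
    }
}
```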
At this point, you can use the Twitter API to do all those things that you can do with it. Remember, the secret token must be provided with every request to the Twitter API so that the requests are linked to the right Twitter account. Since the Twitter API uses the REST architecture, objects do not have a lifetime across multiple HTTP requests. This means that you will have to save the secret key somewhere (in the Session object, for example) to be able to perform API calls for the span of the user session. Also, secret keys do not have an expiration period. This means that you can use a secret key for as long as you want to. This characteristic introduces a few particularities to consider with regard to ASP.NET Membership and Forms Authentication. I will cover this aspect in a future article.