Recently I have played again with the Twitter API and finally have OAuth working. When I have first played with the Twitter API I have used the example from Tour de Flex. The example loads up the friends list and uses the Twitter AS3 API. The API is not really my taste but offers the functionality to build a Twitter client application. However when you want to have your client application to show up as the source of tweets you have to use OAuth for user authentication. It adds another step to get started but is a good decision to force developers to use OAuth which should provide more trust into the client app because users don’t like to enter their Twitter credentials into a 3rd party application.
After a bit of research a came across the awesome open source library oauth-as3. There were no examples yet but I remembered an Email from my friend Claus with a link to this github project. The example application uses the oauth-as3 library and demonstrates how to integrate the library.
To use OAuth in your Twitter application you need a consumerKey and consumerSecret which you can get after the registration of your client app: http://twitter.com/oauth_clients/ or go to your settings and select the “Connections” tab for an overview and further links.
However, the github example doesn’t work anymore because Twitter changed their API recently and implemented a PIN mechanism for desktop cients which should provide even more security.
So how does it work?
- Get the request token with your consumerKey/Secret
- Open the browser and pass the request token
- User authenticates on the Twitter site and gets a 6 digit pin code
- User enters pin code in the AIR app which you need to get the access token
- Save the accessKey/Secret in the EncryptedLocaleStorage for all further requests/sessions
I have build a high level AS3/Flex library for OAuth which is hosted on github. The library is licensed under Apache License, Version 2.0.
Check the inline comments of the IOAuth interface which should already explain the basics.
Here a little semi pseudo code example:
// create OAuth oauth:IOAuth = new OAUth(consumerKey, consumerSecret); // get request token var loader:URLLoader = oauth.getRequestToken("http://twitter.com/oauth/request_token"); loader.addEventListener(Event.COMPLETE, requestTokenHandler); function requestTokenHandler(e:Event):void { requestToken = OAuthUtil.getTokenFromResponse(e.currentTarget.data as String); var request:URLRequest = oauth.getAuthorizeRequest("http://twitter.com/oauth/authorize", requestToken.key); // opens website where user has to login on Twitter and gets 6 digit pin code navigateToURL(request, "_blank"); } function getAccessToken(pin:int):void { var loader:URLLoader = oauth.getAccessToken("http://twitter.com/oauth/access_token", requestToken, {oauth_verifier:pin}); loader.addEventListener(Event.COMPLETE, accessTokenHandler); } function accessTokenHandler(e:Event):void { accessToken = OAuthUtil.getTokenFromResponse(e.currentTarget.data as String); // TODO store accessToken.key and accessToken.secret in EncryptedLocalStorage for all further requests }
Instead of opening the Twitter authorization page in the browser the library also contains OAuthLoader which is a wrapper around HTMLLoader which enables to directly show the authorization page within an AIR window:
// use this in the requestTokenHandler instead of navigateToURL var loader:OAuthLoader = new OAuthLoader(); loader.load(request); loader.percentWidth = 100; loader.percentHeight = 100; var w:Window = new Window(); w.width = 800; w.height = 400; w.title = req.url; w.addChild(loader); w.open();
The OAuth library is not only considered to be used with Twitter but this was the first thing I have tested from AIR. When you build a web client there will be no pin mechanism but I haven’t tested this yet. If you have it working or see problems/bugs for web clients please drop a comment a or better file a bug.
Big thanks to Shannon Hicks for his core oauth as3 library and to Masayoshi Sekimura for the example which got me started.
Links
When you have set consumer key and secret it should work fine.
You may wanna try my newer example for Twitter here: http://soenkerohde.com/2010/01/twitter-as3-oauth-lib-with-flex-4-example/
Thanks, I’ll give it a look.