Application Registration
- A Twitter user creates a Twitter Application
  - If the application is web based, it needs to provide a URL. “Localhost” is not accepted as a domain for this URL
- A Twitter Application gets two pieces of information
  - Consumer Key
  - Consumer Secret
- A Twitter Application will use these in all coming requests.

Initializing The Process
- The user comes to the application, and the application decides to authenticate against Twitter
- The application makes a request using the Consumer Key and Secret to obtain an “OAuth Request Token”, which consists of two parts
  - Token
  - Token Secret
- The application builds the authentication URL, including the “OAuth Request Token” parameter and, optionally, a “Call-back URL” (if different from the default URL in the first step)

User Authentication
- The user is redirected to Twitter; the URL contains the “OAuth Request Token” to identify the application authentication session
- This assumes the Twitter user is logged in and authorizes the application
- If the application is a desktop application, Twitter gives the user a number, the “Verifier”, to manually write back to the application
- If the application is a web application, the user is redirected back to the application call-back URL with a complex “Verifier” parameter in the URL

Obtaining the Access Token
- The application makes a request to Twitter including the “OAuth Request Token” and the “Verifier”
- It obtains an “Access Token”, which likewise consists of two parts:
  - Token
  - Token Secret
- The application needs to send the Consumer Key and Secret and Access Token in every future request that needs the Twitter user's privileges

Caching Credentials
- The application needs to go through the authorization process above at least once
- The Access Token returned can be saved in session/DB/whatever and then re-used later
- The application can later use the Access Token directly, along with the Consumer Key / Secret, to communicate with Twitter without going through any of the previous steps

Hints for Web Applications
- The method GetAuthenticationUrl() has an overload that accepts a call-back URL for the user to be redirected to after obtaining the verifier
- The important part in RequestToken is the Token part, not the secret.
- All parts of AccessToken are important and required
- When the user is redirected back from Twitter to your application, you get the following QueryString parameters sent to you
  - oauth_token: The Token part of the Request Token
  - oauth_verifier: The verifier required to obtain the Access Token later

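
The call-back described above is a request that anyone can send to the application, so the `oauth_token` it carries should be tied to the browser session that started the flow before the verifier is exchanged. The sketch below is an added example, not code from these slides or from TweetSharp; it is written in library-independent Python, and the function names, the `session` dictionary, the 600-second lifetime and all sample values are assumptions made for illustration.

```python
import hmac
import time
from urllib.parse import parse_qs, urlsplit

PENDING_TTL = 600  # assumed policy: seconds a pending Request Token stays usable


class CallbackError(Exception):
    """The call-back must not be exchanged for an Access Token."""


def begin_authorization(session, token, secret, now=None):
    """Remember the Request Token for this browser session before redirecting."""
    issued = time.time() if now is None else now
    session["pending"] = {"token": token, "secret": secret, "issued": issued}


def handle_callback(session, callback_url, now=None):
    """Validate the redirect; return (token, secret, verifier) for the exchange."""
    now = time.time() if now is None else now
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    for name in ("oauth_token", "oauth_verifier"):
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:  # absent, empty or repeated
            raise CallbackError(f"missing or repeated {name}")
    # Single use: pop so a replayed call-back finds nothing to exchange.
    pending = session.pop("pending", None)
    if pending is None:
        raise CallbackError("no authorization in progress for this session")
    if now - pending["issued"] > PENDING_TTL:
        raise CallbackError("request token expired")
    returned = params["oauth_token"][0].encode()
    if not hmac.compare_digest(returned, pending["token"].encode()):
        raise CallbackError("oauth_token was not issued to this session")
    return pending["token"], pending["secret"], params["oauth_verifier"][0]


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    begin_authorization(session, "req-token-A", "req-secret-A")
    url = "https://app.example/callback?oauth_token=req-token-A&oauth_verifier=v123"
    print(handle_callback(session, url))
    try:
        handle_callback(session, url)  # same URL again
    except CallbackError as err:
        print("rejected:", err)
```

Only the values returned by `handle_callback` should be passed to the Access Token request; a rejected call-back restarts the flow from the authentication URL step.
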
Related Links
- More Content Like This: http://gurustop.net
- Twitter Developers Site: http://developer.twitter.com
- TweetSharp: http://tweetsharp.codeplex.com
- Questions / Suggestions? http://twitter.com/meligy, http://gurustop.net/contact, email@example.com