Twitter Development: Using OAuth to Authenticate Against the Twitter API: Walkthroughs
- The user needs a Twitter account to move forward with your application,
- If the user does not have a Twitter account, your application will assist the user with setting up a new account, likely redirecting them to Twitter’s signup page,
- The user has no opportunity to enter a password directly with your application, but you will assist them with entering their password on Twitter, and finally,
- The user is able to save their access token using your desktop application, so that future access will benefit from automated authorization, bypassing this login screen entirely.
- You learned the security risk created by using Basic authorization over HTTP.
- You learned the benefits and spirit of the Data Portability movement.
- You covered the OAuth specification in detail, learning how to write code for timestamps and nonce generation, handle URI escaping, use HMAC-SHA1 to sign OAuth requests (a keyed hash that proves the request's integrity and origin, not encryption), and configure HttpWebRequest to send OAuth credentials.
- You learned the OAuth workflow process, how tokens are requested and exchanged based on user authorization on the publisher site, and how an access token is used to access protected REST resources.
- You walked through the process of using OAuth authentication with web and desktop applications, and learned about some of the challenges of structuring your user experience around OAuth for applications that aren’t hosted on the web.
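
The signing steps named in the summary above (timestamp, nonce, URI escaping, HMAC-SHA1 signature) are put together here as an added example; it is not code from the original text. The class name, the `api.example.test` endpoint, and all keys, tokens and secrets are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuth1SigningExample // hypothetical name, not from the original text
{
    const string Unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
    // Percent-encode every UTF-8 byte outside the RFC 3986 unreserved set (uppercase hex).
    static string Escape(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
            if (Unreserved.IndexOf((char)b) >= 0) sb.Append((char)b);
            else sb.Append('%').Append(b.ToString("X2"));
        return sb.ToString();
    }
    // Nonce from the OS CSPRNG rather than System.Random, so it cannot be predicted.
    static string NewNonce()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }
    static string NewTimestamp() =>
        DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture);
    // Base string: METHOD & escaped URL (without query string) & escaped, key-sorted k=v pairs.
    static string BaseString(string method, string url, IDictionary<string, string> p) =>
        method.ToUpperInvariant() + "&" + Escape(url) + "&" + Escape(string.Join("&",
            p.OrderBy(kv => Escape(kv.Key), StringComparer.Ordinal)
             .Select(kv => Escape(kv.Key) + "=" + Escape(kv.Value))));
    // HMAC-SHA1 is a keyed hash (a MAC), not encryption; the key is both secrets joined by '&'.
    static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        var key = Encoding.ASCII.GetBytes(Escape(consumerSecret) + "&" + Escape(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }
    static void Main()
    {
        var p = new Dictionary<string, string> {   // all values below are constructed placeholders
            ["status"] = "Hello, world & friends!", ["oauth_version"] = "1.0",
            ["oauth_consumer_key"] = "CONSUMER_KEY", ["oauth_token"] = "ACCESS_TOKEN",
            ["oauth_nonce"] = NewNonce(), ["oauth_timestamp"] = NewTimestamp(),
            ["oauth_signature_method"] = "HMAC-SHA1" };
        string bs = BaseString("POST", "https://api.example.test/statuses/update.json", p);
        Console.WriteLine(bs + "\noauth_signature=" + Escape(Sign(bs, "CONSUMER_SECRET", "TOKEN_SECRET")));
    }
}
```

The escaping is written out by hand because `Uri.EscapeDataString` has not escaped the same character set across .NET versions, and a single mismatched character in the base string makes the server reject the signature.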