How do websites post to Twitter, on my behalf? Is this OAuth?

Question

Hi folks,

i'm wanting to allow my website to post (an authorised user) to twitter (eg. update status).

How do websites do this? eg. TwitPic, etc?

I know i had to authenticate at one point with the source website -> twitter -> my twitter account. It's just like how I log into SO -> using OpenId.

Is this OAuth / the twitter's OAuth API? If it it, i'm assuming that Twitter ends up sending me back some secret token or something which I'll then store in the database against the current user (which is actually an OpenId auth'd user .. no passwords in my DB!)

I've used twitter's API using Basic Authentication perfectly fine.

Lastly, if this is OAuth, are there any .NET tutorials (or .NET MVC tutes) with this and Twitter?

Thanks folks!

Answer 1

I wrote a blog post recently on using Twitter's OAuth implementation in C#. I tried to explain it as much as I could.

http://eclipsed4utoo.com/blog/net-twitter-desktop-oauth-authentication/

Answer 2

TwitPic doesn't use OAuth, they use basic HTTP authentication, so you're sending your actual username and password through the service, which is generally not what you want to do if you value your user's security.

As for OAuth, TweetSharp has OAuth support built in, and you should be able to rip out the OAuth utilities for signing fairly easily. The best diagram on how the OAuth process works is here: oauth.net.