I have been coding against a Delphi EXE (win32 desktop app) to access Twitter and do certain functions. It used to use Basic authentication with the API limitation. I know I have to convert this to OAuth. I have been reading over the documentation trying to determine the best approach. I understand the best method is the Web browser with a callback URL. I also know that Twitter includes a PIN-based (oob) authentication method. I figured this was the route to go with this application, but I want to make sure since that is not seamless. It requires the user to go external to the application and get a PIN number. It also is not as secure since the access token returned never expires.

I am using Indy v10 components to do the GET/POST operations, so I am wondering if there is a way to do this using them and being able to do a callback and not use the PIN authentication method.

Can anyone help me?

Also, I've been trying to get Chuck Beasley's Twitter Class working in Delphi 7 with Indy v10 and I've been having trouble. IdObjs and IdSys don't exist anymore. Has anyone got this class to work with my scenario? Thanks, David

+2  A: 

OAuth is a standard used for Web applications; its text is liberally littered with the word 'agent', meaning a browser. The best solution IMHO is, if possible, to actually have a callback URL, meaning you have your own site which provides the service to back your application functionality. There are services that make this possible for third parties already, like JanRain. If these options are not feasible (meaning you cannot provide a true WWW site for the callback URL), then your only option is indeed the out-of-band authentication, oob. Don't even think about having the OAuth authentication call back the app listening on some port; that is completely unreliable, for 1) the vast majority of apps will sit behind some sort of NAT device (router, outbound proxy) which makes them unreachable from the OAuth provider and 2) the OS firewall will block your incoming calls.

Remus Rusanu
You do not need to run your own website to utilize OAuth's callback URL. All that does is tell OAuth what URL to redirect the agent/browser to when the authentication finishes. TIdHTTP has an OnRedirect event that can be used to catch that redirection. OR, simply set the HandleRedirects property to False and handle the redirect URLs manually. In Chuck's original code, he is using a TEmbeddedWB component to handle the UI portion of authentication (entering credentials and granting permission) and then intercepting the callback redirect so the rest of the code can use the provided auth tokens.
Remy Lebeau - TeamB
@Remy: I think you're right. I was thinking in terms of OpenID, where the relying party realm discovery requires a web site. But OAuth works differently, based on the application secret/public key pair and does not require Twitter to 'call' your realm.
Remus Rusanu
There is already an open feature ticket in Indy's issue trackers for adding native OAuth support to a future version.
Remy Lebeau - TeamB
That's good news. Thanks!
DavieDave
As a follow-up question on this: I have Indy 9, it seems. I am having issues finding some files to make the Indy implementation work, since I need to hash things for the Twitter app. I assume I need a newer version to have this file (IdHashSHA1.pas). I found Indy 10 source files under Subversion, but can someone tell me how to get this to compile under Delphi 7?
DavieDave
I recommend you ask a new question, so as to draw the right set of eyes on it.
Remus Rusanu
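
The comments above describe intercepting the callback redirect inside the application instead of hosting a site. The following is an added example, not code from this thread or from Chuck Beasley's class: a Delphi 7-compatible check for a redirect URL once the HTTP component or embedded browser hands it over, accepting it only if it is the app's callback and its `oauth_token` matches the request token the app obtained earlier. `ParseOAuthCallback`, `CallbackPrefix` and the sample token values are assumptions made for illustration.

```delphi
program OAuthCallbackCheck;
{$APPTYPE CONSOLE}
uses SysUtils, Classes;

const
  // Assumption: placeholder callback URL registered for the app; never served.
  CallbackPrefix = 'http://localhost/oauth_done';

// Returns True only when Dest is our callback, carries a verifier, and its
// oauth_token equals the request token this session obtained earlier.
function ParseOAuthCallback(const Dest, PendingToken: string;
  out Verifier: string): Boolean;
var
  Params: TStringList;
  Query: string;
  P: Integer;
begin
  Result := False;
  Verifier := '';
  // Require the exact prefix followed by '?', so a look-alike such as
  // 'http://localhost/oauth_done.other.example/' is not accepted.
  if Copy(Dest, 1, Length(CallbackPrefix) + 1) <> CallbackPrefix + '?' then Exit;
  Query := Copy(Dest, Length(CallbackPrefix) + 2, MaxInt);
  P := Pos('#', Query);
  if P > 0 then Delete(Query, P, MaxInt);  // drop any fragment
  Params := TStringList.Create;
  try
    Params.Delimiter := '&';
    Params.DelimitedText := Query;  // name=value pairs, left percent-encoded
    // A token that is not ours belongs to some other authorization attempt
    // (or was injected into the redirect); refuse it.
    if (PendingToken = '') or
       (Params.Values['oauth_token'] <> PendingToken) then Exit;
    Verifier := Params.Values['oauth_verifier'];
    Result := Verifier <> '';
  finally
    Params.Free;
  end;
end;

var
  V: string;
begin
  // Constructed sample redirects, not captured traffic.
  Writeln(ParseOAuthCallback(CallbackPrefix + '?oauth_token=REQ123&oauth_verifier=VER456', 'REQ123', V), ' ', V);
  Writeln(ParseOAuthCallback(CallbackPrefix + '?oauth_token=OTHER&oauth_verifier=VER456', 'REQ123', V));
  Writeln(ParseOAuthCallback('http://twitter.com/login', 'REQ123', V));
end.
```

Only a redirect that passes this check should be marked as handled and have its verifier exchanged for an access token; any other redirect is left to normal processing.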