[Archived] An OAuth 1.0 system (via liboauth) with pin-less verification via a mini callback server Examples for Twitter, Tumblr, Vimeo, Fitbit, etc.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


#This project has been archived and superceded by ofxHTTP.




An OAuth 1.0 system (via liboauth) with pin-less verification via a mini callback server (screenshot above). Examples included for Twitter, Fitbit, etc.

The demo requires:

openFrameworks https://github.com/openframeworks/openFrameworks


  1. Register an app and get your CONSUMER_KEY / CONSUMER_SECRET from the API of your choice (e.g. Twitter). Set the callback URL of your app to [] and make sure it is set up as a "web based" app (even though it is a desktop based app). This is so you can use the built-in web-server for pin-less authentication.

  2. Setup the oauth client with the correct authentication endpoints. Easy Examples are included for Twitter and Fitbit. In some cases, the easy setup must be overridden to account for non-standard endpoints (see th eFitbit example).

  3. During the first use, you will be redirected to the API's authentication server to allow your account to be used with the app you created. If your callback information is setup correctly (it should be automatically generated by the built-in mini web server), you will be redirected back to a local webpage like []. The built in webserver will parse the information and pass it back to ofxOAuth. ofxOAuth will then save the credentials to an xml file (the location and filename can be specified during setup).

  4. Make authenticated calls to your api. Press spacebar in the examples to test.

  5. If you prefer to NOT use the built in authentication server, then you can disable it by calling oauth.setEnableVerifierCallbackServer(false);. You are responsible for acquiring the pin from the user via a GUI element or other means.

##The Mini Callback Server

The mini callback server is defined in ofxOAuthVerifierCallbackServer.h and an interface is defined in ofxOAuthVerifierCallbackInterface.h.

Additionally, ofxOAuth now has a base defines methods that include:

	// from ofxOAuth.h
    // callbacks from the webserver
    void receivedVerifierCallbackRequest(const Poco::Net::HTTPServerRequest& request);
    void receivedVerifierCallbackHeaders(const Poco::Net::NameValueCollection& headers);
    void receivedVerifierCallbackCookies(const Poco::Net::NameValueCollection& cookies);
    void receivedVerifierCallbackGetParams(const Poco::Net::NameValueCollection& getParams);
    void receivedVerifierCallbackPostParams(const Poco::Net::NameValueCollection& postParams);

These are used for default parameter extraction, but can be overridden by custom subclasses when non standard oauth parameters or other data is needed.

Basically, during use the minimal web server (created using Poco's HTTPServer class) is started in a separate thread and waits for a callback from the API's authorization server. You can define the callback web page doc root by calling oauth.setVerifierCallbackServerDocRoot() with the location of your doc root. It is simple and will serve basic html, images, and javascript. It could be extended to serve other data, but this is likely not needed. If desired, html files can use tags like {@COOKIES} to print out extracted cookie data in the page dynamically. See the index.html for an example and complete listing.

#A few more things.

This lib is provided with libs for openssl, libcurl and liboauth. This allows for ssl-based authentication. In the future (once oF is distributed with an ssl compatible web client i.e. here), libcurl, openssl, etc can be removed.

##OAuth 2.0 OAuth 2.0 uses a slightly different (simpler in many ways) schema. liboauth and ofxOAuth does not directly support this out of the box, but it is in the works. If you are interested in helping develop this, please contact the author.


Copyright (c) 2010-2013 Christopher Baker http://christopherbaker.net

MIT License.

For information on usage and redistribution, and for a DISCLAIMER OF ALL WARRANTIES, see the file, "LICENSE.txt," in this distribution.