Migrating from Basic Auth to OAuth XAuth

Ylan edited this page Sep 14, 2010 · 5 revisions

Twitter has said many times that basic auth will be deprecated in June 2010. It is therefore essential for all client applications to migrate to the new login system of OAuth, which does not require a client to store or send the user’s password over the network. This page is meant to make it very easy to get started with OAuth in MGTwitterEngine, even if you don’t know much or anything about how OAuth works.

To make authenticated requests with OAuth, you must first obtain an OAuth access token from Twitter. The token is issued for one user and one application. The easiest way to get one is by using XAuth, although this is not available to everyone. If you use XAuth, you must prompt the user for their username and password, which you send to Twitter. You can also get a token using the normal OAuth login flow, which bounces the user to a web browser and requires a PIN.

You will need to include a copy of OAuthConsumer along with your MGTwitterEngine code.

App Setup

To begin, you must set up your application with Twitter. This will give you two values: the consumer key and the consumer secret. These two unique IDs are used to identify your app when you make requests. You can set up your application here. If you want XAuth access (and you probably do), you’ll have to manually ask Twitter to approve your application. See this page for more information.

Once you have created the application on Twitter, you’ll need to make some changes to support OAuth. When you init your MGTwitterEngine, you should call -[MGTwitterEngine setConsumerKey:secret:]. After this, you need to replace any code which loads, saves, and sets the username and password with code that loads, saves, and sets the access token.

Obtaining an XAuth access token

To get an access token, you need to obtain the username and password from the user through some UI. Once you have them, call -[MGTwitterEngine getXAuthAccessTokenForUsername:password:] to begin fetching the token. -[id<MGTwitterEngineDelegate> accessTokenReceived:forRequest:] will get called when the token is received. Then, call -[MGTwitterEngine setAccessToken:] and you can make authenticated requests over OAuth.
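
The setup and XAuth steps above, put together as an added example (this is not code from MGTwitterEngine or its author). It assumes ARC; `LoginController`, `kService` and the consumer key placeholders are hypothetical. The token is saved to the Keychain because it grants access to the account just as the password did, and the password itself is never stored.

```objective-c
// Added example. LoginController, kService and the key placeholders are hypothetical.
#import <Security/Security.h>
#import "MGTwitterEngine.h"
#import "OAToken.h"
static NSString * const kService = @"com.example.app.twitter-oauth";
@interface LoginController : NSObject <MGTwitterEngineDelegate>
@property (nonatomic, strong) MGTwitterEngine *engine;
@end

@implementation LoginController
- (NSMutableDictionary *)keychainQuery {
    return [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kService } mutableCopy];
}

- (void)setUpEngine {
    self.engine = [[MGTwitterEngine alloc] initWithDelegate:self];
    [self.engine setConsumerKey:@"YOUR_CONSUMER_KEY" secret:@"YOUR_CONSUMER_SECRET"];
    // Load a saved token, if any, instead of a saved username and password.
    NSMutableDictionary *query = [self keychainQuery];
    query[(__bridge id)kSecReturnData] = @YES;
    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)query, &result) != errSecSuccess) return;
    NSString *stored = [[NSString alloc] initWithData:(__bridge_transfer NSData *)result
                                             encoding:NSUTF8StringEncoding];
    NSArray *parts = [stored componentsSeparatedByString:@"\n"];
    if (parts.count == 2)
        [self.engine setAccessToken:[[OAToken alloc] initWithKey:parts[0] secret:parts[1]]];
}

- (void)logInWithUsername:(NSString *)username password:(NSString *)password {
    // The password is used for this one exchange and is never written to disk.
    [self.engine getXAuthAccessTokenForUsername:username password:password];
}

- (void)accessTokenReceived:(OAToken *)token forRequest:(NSString *)connectionIdentifier {
    [self.engine setAccessToken:token];   // requests from here on are signed with OAuth
    NSMutableDictionary *item = [self keychainQuery];
    SecItemDelete((__bridge CFDictionaryRef)item);   // replace any earlier token
    item[(__bridge id)kSecValueData] = [[NSString stringWithFormat:@"%@\n%@", token.key, token.secret]
                                        dataUsingEncoding:NSUTF8StringEncoding];
    item[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenUnlocked;
    if (SecItemAdd((__bridge CFDictionaryRef)item, NULL) != errSecSuccess)
        NSLog(@"Could not save the access token to the Keychain");
}

- (void)requestSucceeded:(NSString *)connectionIdentifier {}
- (void)requestFailed:(NSString *)connectionIdentifier withError:(NSError *)error { NSLog(@"Request failed: %@", error); }
@end
```

Call `setUpEngine` at launch and show the login UI only when no saved token was loaded.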