Integration with RestKit

[eroth]

Hi- I'm attempting to use this project with RestKit (http://restkit.org/) and wanted to get your opinion on the best way to do so. If you're not familiar with it, RestKit handles REST operations (but not Oauth) and provides for a layer on top of Core Data to handle direct JSON/RSS object mapping to NSManagedObjects, plus a lot of other things. Unfortunately, as I mentioned, it doesn't handle Oauth, so I was wondering if there was a way to only use the authentication header generated by STHTTPRequest and pass it as a string or NSURL to RestKit, which will then make the request and perform the mapping/Core Data operations?

I've dug around a little in the code, but haven't yet identified exactly in which method of STHTTPRequest the header gets formed (that seems like where it's happening). It could be a useful feature to have, if it doesn't exist already.

Thanks,
Evan

[nst]

Do you want to replace the whole network stack from RestKit or just add some bits from STHTTPRequest?

Do you only need to build some headers? which ones exactly? the basic auth. header? or some OAuth specific authentication headers?

STHTTPRequest does not handle the OAuth protocol. It's just a wrapper around NSURLConnection. The OAuth stuff is implemented in STTwitterOAuth.m. Note that it is Twitter specific and may not work for other OAuth implementations.

[eroth]

Well, the way I've been using RestKit to handle network operations is to pass it a URL in the form of requestURL:
RKManagedObjectRequestOperation *requestOperation = [[RKManagedObjectRequestOperation alloc] initWithRequest:[NSURLRequest requestWithURL:requestURL] responseDescriptors:@[jsonResponseDescriptor]];

What I've done thus far with STTwitter is to create an instance of an app-only auth like so:
STTwitterAPIWrapper *twitter = [STTwitterAPIWrapper twitterAPIApplicationOnlyWithConsumerKey:kTwitterConsumerKey consumerSecret:kTwitterConsumerSecret];

and then execute
[twitter verifyCredentialsWithSuccessBlock:^(NSString *bearerToken)

It's in the success block that I'd like to integrate it into RestKit with the method at the top. I'm still somewhat new to Oauth, but from what I've read it seems at this point an Oauth signature is passed to Twitter with the appropriate REST command (GET in this case) and credentials.

I placed a breakpoint on getResource: in STTwitterAppOnly.m and stepped into it all the way through execution, but couldn't seem to see where or how exactly it was making the GET request to Twitter's API. I see where it's setting the request headers with the authorization, using the appropriate API URL, and setting the REST request type, but how does it then send the entire signature to Twitter when it authenticates API requests with the bearer token? Is it done in the form of a HTTP request or as a curl command? I'm looking at step 3 on this page: https://dev.twitter.com/docs/auth/application-only-auth.

And I'm seeing how the signature is constructed on this page: https://dev.twitter.com/docs/auth/creating-signature.

Sorry, I'm a bit new to this, but would like to learn and help out wherever possible!

Also, don't know if it will help, but in this post about halfway down the lead on RestKit talks about some ideas on how to implement Oauth into it: RestKit/RestKit#696.

Thanks,
Evan

[eroth]

Hey- just wanted to see if you had any ideas on this? Thanks!

[nst]

Sorry for the delay, I have been very busy these last few weeks.

"App only" requests are quite simple, they just have an 'Authorization' header and do not need the full set of OAuth headers. There is no signature in "app only" requests, so the page https://dev.twitter.com/docs/auth/creating-signature is not relevant for these requests.

So, in these "app only" requests, the header is set with [r setHeaderWithName:@"Authorization" value:@"xxx"] in -[STTwitterAppOnly postResource:baseURLString:parameters:useBasicAuth:successBlock:errorBlock:].

I tried to summarize the three kinds of authentication (PIN-based Authentication, xAuth Authentication and Application Only Authentication) in section 2 of this article: http://seriot.ch/abusing_twitter_api.php#2 maybe it can help you in getting a clearer view.

Please keep on asking questions if needed, I'll try to help if I can.

[eroth]

No worries, I completely understand. Thanks so much for the explanation, I appreciate it. I decided to go a slightly different route, as we will probably need to do user auth soon—I'm using STTwitter for all the auth parts and am just passing the returned JSON array to RestKit to do all the mapping/Core Data stuff.

The only question I have is regarding the JSON array that's returned with various REST methods—it seems that, in order to perform Core Data operations on it, I'll have to iterate through each index of the array, which seems somewhat intensive and clunky from RestKit's end (as I could have an array with 150-200 objects in it). Is it possible to directly access the returned JSON and not as an array, so RestKit could just parse it as one blob? Initially, it's returned as id json in STTwitterAppOnly.m:

- (void)getResource:(NSString *)resource
     parameters:(NSDictionary *)params
   successBlock:(void(^)(id json))successBlock
     errorBlock:(void(^)(NSError *error))errorBlock

and then you serialize it into an array.

Thanks!
Evan

[nst]

One of the goals of STTwitter is to convert Twitter API responses into Cocoa objects that can be used directly by a Twitter client. The lower classes STTwitterOAuth / STTwitterOAuthOSX / STTwitterAppOnly handle the protocol and deserialize the JSON response into NSArray / NSDictionary. STTwitterAPIWrapper sits on top of these classes. It knows Twitter API endpoints and knows how to extract specific data from their responses.

If you need to access the full JSON response from Twitter as NSArray / NSDictionary, you can access it by bypassing the STTwitterAPIWrapper layer and use the lower classes directly. Or you could implement -[STTwitterAPIWrapper getResource:parameters:successBlock:errorBlock:] so that it calls the same method on _oauth.

If you need to access the JSON response as a string, that is "uninterpreted" JSON, you could add something like this to STTwitterOAuthProtocol:

- (void)getResource:(NSString *)resource
         parameters:(NSDictionary *)params
    rawSuccessBlock:(void(^)(NSData *responseData))rawSuccessBlock // or NSString if you wish
         errorBlock:(void(^)(NSError *error))errorBlock

Let me know if it helps or if we can improve STTwitter in any way.

[eroth]

Ok, thanks!