Twitter API & OAuth 101 TVUG October 2009

Post on 19-May-2015


Twitter & OAuth 101

What’s this twit all about?

Andy Badera (@andrewbadera)

andrew@badera.us

http://blog.badera.us/

TVUG October 2009

Background

The Numbers

79.7M users as of October 4th (all inclusive; ~50M “official”)

$153M in funding as of end of September

28,000+ applications

30,000+ developers

$23M+ invested in third party app startups

Growth April 2008-2009

Via TechCrunch

APIs

REST API

Search API

Streaming API

REST API

api.twitter.com

Returns: XML, JSON, RSS, ATOM

Read timelines

Send tweets

Read/send Direct Messages

Search API

http://search.twitter.com/

Returns: JSON, ATOM

Trends

Terms (“from:andrewbadera”)

Geolocation (“near:albany within:5miles”)

New Stuff

Geolocation (improved)

Group Lists

Retweet API

Address Book

Apple Push

Search API cleanup

Fab Four

Platform Team?

Trademark Controversy

What’s safe to use?

Avoid “Twitter”

Avoid bird graphics

Avoid similar UI

Biz sez: “Use ‘tweet.’”

Goals

Register a new OAuth application

Retrieve timelines

Send Tweets

Send/Receive Direct Messages

Query Search API

.NET & Twitter

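Expect-100 Continue (HttpWebRequest)

    // Turn off the 100-Continue handshake that HttpWebRequest uses on POSTs
    Request.ServicePoint.Expect100Continue = false;

302 Redirects

    // Follow the redirect by hand: resolve Location against the request URI
    // and carry the response cookies over to the next request
    if ( response.StatusCode == HttpStatusCode.Redirect )
    {
        this.Url = new Uri( uri, response.Headers["Location"] ).ToString();
        this.CookieContainer.Add( response.Cookies );
    }

64-bit IDs (ulong - Convert.ToUInt64(""))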

LinqToTwitter http://www.codeplex.com/LinqToTwitter

Tweetsharp http://code.google.com/p/tweetsharp/

DotNetOpenAuth http://dotnetopenauth.net:8000/

RateLimit

Ratelimit: 150 REST GETs/hour

X-RateLimit

X-RateLimit-Remaining

X-RateLimit

Whitelisted: 20000

Whitelisting

http://twitter.com/help/request_whitelisting

Turnaround time

In the beginning, HTTP Basic

HTTP Basic Authorization

Simple

Familiar

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Basic Auth Pulls a Fail Whale

Downsides of HTTP Basic Auth

Base64(byte[] “username:password”)

Giving credentials away to third parties

Password change

Trust

Rate limit by application IP

O-wot?

Secure API authorization

Blaine Cook (Twitter)

Chris Messina (Ma.gnolia)

Currently: OAuth 1.0A

OAuth.net

Shannon Whitley’s OAuthBase.cs

How OAuth Works

Shared secret

Nonce

Timestamp

OAuth & Twitter

Moves burden of ratelimit to user account

Read/write (typical)

Sign-in with Twitter

“Guns for cash” – one time auth

Timelines

That’s cool, but …

Real-time Search

User-Agent!

Common OAuth Gotchas

Technical

Parameter sorting

Parameter URL encoding

Server clock

Social

OAuth is not a panacea!

Use common sense!
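
The signing inputs listed under How OAuth Works and the technical gotchas above (parameter sorting, parameter URL encoding, server clock), as an added example that is not from the original slides or from OAuthBase.cs: an OAuth 1.0 HMAC-SHA1 signature built by hand. The class name, host, keys and secrets are placeholders, and `ToUnixTimeSeconds` assumes .NET Framework 4.6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class OAuth1SignatureExample
{
    const string Unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    // RFC 3986 percent-encoding over UTF-8 bytes with uppercase hex. Stock URL
    // encoders disagree on ' ', '!', '*' etc., and any difference breaks the signature.
    public static string Encode(string s)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
            sb.Append(Unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // Base string = METHOD & Encode(url) & Encode(parameter string). Pairs are
    // encoded first, then sorted by ordinal (byte) order of name, then value.
    public static string BaseString(string method, string url, IEnumerable<KeyValuePair<string, string>> ps)
    {
        var pairs = ps.Select(p => new[] { Encode(p.Key), Encode(p.Value) })
            .OrderBy(p => p[0], StringComparer.Ordinal).ThenBy(p => p[1], StringComparer.Ordinal)
            .Select(p => p[0] + "=" + p[1]);
        return method.ToUpperInvariant() + "&" + Encode(url) + "&" + Encode(string.Join("&", pairs));
    }

    // HMAC-SHA1 keyed with Encode(consumerSecret) & Encode(tokenSecret), Base64 output.
    public static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        byte[] key = Encoding.ASCII.GetBytes(Encode(consumerSecret) + "&" + Encode(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    static void Main()
    {
        // Constructed sample request: host, keys and secrets are placeholders.
        var ps = new Dictionary<string, string> {
            { "status", "Hello TVUG! 100% signed" }, { "oauth_signature_method", "HMAC-SHA1" },
            { "oauth_consumer_key", "EXAMPLE_CONSUMER_KEY" }, { "oauth_token", "EXAMPLE_TOKEN" },
            // Fresh per request; the timestamp must come from an accurate UTC clock.
            { "oauth_nonce", Guid.NewGuid().ToString("N") },
            { "oauth_timestamp", DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString() } };
        string bs = BaseString("post", "https://api.example.invalid/statuses/update.json", ps);
        Console.WriteLine(bs + "\n" + Sign(bs, "EXAMPLE_CONSUMER_SECRET", "EXAMPLE_TOKEN_SECRET"));
    }
}
```

The printed base string shows the status text encoded twice (a space becomes `%2520`), which is where hand-rolled signers most often diverge from the server.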

OAuth Best Practice

“As with OpenID, OAuth is difficult to implement correctly and securely.  Pick a good, dependable library to take a dependency on instead.”

--Andrew Arnott, DotNetOpenAuth Author, via email

Q&A

Thanks for your time.

Any questions?

Drinks!

JJ Rafferty’s

Route 9

North of Latham Traffic Circle on right

Next to Price Chopper parking lot

Across from Red Robin

Bibliography

Alex Payne slideshare presentation: “Twitter API 2.0”, http://www.slideshare.net/al3x/twitter-api-20

Mashable: “Twitter’s Value: 5 Eye-popping Stats”, http://mashable.com/2009/10/04/twitter-stats/

Biz Stone blog entry: “May the Tweets Be With You” http://blog.twitter.com/2009/07/may-tweets-be-with-you.html

Resources

Twitter API docs http://apiwiki.twitter.com/

Twitter Dev list http://groups.google.com/group/twitter-development-talk

API blog http://apiblog.twitter.com/ (not well updated)

@andrewbadera (http://twitter.com/andrewbadera)

http://blog.badera.us/

andrew@badera.us