
OAuth on Windows 8 application with project keys

Feb 11, 2013 at 2:07 PM
I am developing an application about Twitter on Windows 8.
I want to use LINQ to Twitter.
I want to know how I have to configure the OAuth authentication without showing it to the user.
What kind of file do I have to create and what do I have to write in it to reach LINQ to Twitter resources?

Can someone help me please?

Feb 11, 2013 at 7:10 PM

To answer your question directly, you can avoid sending the user to the Authentication screen by providing all 4 tokens (ConsumerKey, ConsumerSecret, OAuthToken, and AccessToken) when instantiating the ICredentials instance that you assign to the Credentials property of your ITwitterAuthorizer. You can either get these credentials for your application from your Twitter application page, or authorize one time and pull the credentials out of the Credentials property of the authorizer (they don't normally expire). This is normally the approach to take for a server application, but there are implications for a client application such as the security issues and rate limits. First, you'll want to be familiar with OAuth so you can make the appropriate design decision.

There is a Win8OauthDemo on the Samples Page that shows the recommended way to perform OAuth with Windows 8. My blog post, WinRtAuthorizer–A Better Way to do OAuth with LINQ to Twitter in Windows 8, explains how this works. In that scenario, the user would need to authorize your application. My documentation on Securing your Applications explains why OAuth works the way it does and has examples of how to use it with various technologies. If you aren't familiar with OAuth, it would be good for you to review this documentation.

The security issue you need to be aware of is that if you allow users to operate on behalf of a single account, they can do anything and it's your account that is responsible. In the case of multiple users using the same account, there's no way for you to know who performed what action. All their tweets will occur on that one account.

From a rate limits point of view, multiple people can quickly exceed rate limits. This will result in errors in your code. The frustrating part is that you won't know which client exceeded the rate limit and it will be different each time, resulting in a ghosting kind of bug that comes and goes randomly for different users.

It's possible that you might have a use-case where this would work for you, i.e., you are the only user. If not, it would be good to be familiar with how and why OAuth works, the security implications, and environmental issues, like rate limits and terms of service, unique to the Twitter API.

Feb 12, 2013 at 7:50 AM
Thank you very much for your answer. I think it will help me in the development of my application.

Can you tell me about the .pri file? There is a .pri file in the samples and I don't know if I have to take each .pri into my application (I am using multiple samples in my app)?

I am sorry if I am disturbing you but this project is very important for me.

Feb 12, 2013 at 4:31 PM
The .pri file is a Windows 8 application artifact supporting the Windows 8 Resource Management System. LINQ to Twitter is a 3rd party library that you reference in your project and doesn't have any relationship to the .pri file.