This project has moved and is read-only. For the latest updates, please go here.

oauth problem

Jul 1, 2009 at 12:06 AM

Hey, I am trying to store the oauth tokens so that my program can post to twitter without the user being present.

I cannot get the secret out and the oauth token seems to be 1 time use only.

I am not completely sure I understand twitters oauth.

I get the consumer key and consumer secret but when I get the user oauth token back to get the user secret I cannot seem to be able to store it.

I hope this makes sense.

Jul 1, 2009 at 1:11 AM

Yes, it makes perfect sense.  I just checked in the following update:

It adds both OAuthToken and OAuthTokenSecret properties to TwitterContext so that you can read and write them with your code.  Please let me know how it goes.


Jul 1, 2009 at 9:45 PM

thanks Joe, I will give a go and I am glad I made sense :D

Jul 17, 2009 at 3:30 PM

ninjamonk - I also am looking to store what i think you are referring to, basically - i want the user to confirm that they can use my app, and then from that point on - messages could be sent on the twitter account holders behalf should they choose to. Did you have any luck with this?




Jul 17, 2009 at 4:32 PM

Hi Jeff, Yeah the work Joe did was spot on and now you can store all the oAuth bits.

if you need an example give me a shout, I don't have my code on this machine.



Jul 17, 2009 at 5:18 PM

ninjamonk, that would be great, as i seem to be missing something here.

Jul 18, 2009 at 5:45 AM


i've copied the latest default.aspx and default.aspx.cs for change set 56603, i basically put the LinqToTwitterWebFormsDemo folder in it's own virtual dir in iis, i keep getting this error when trying to run it via f5 or localhost/

my twitterconsumerkey and consumersecret are both set in the web config.

getting this Compiler Error Message: CS0246: The type or namespace name 'WebOAuthAuthorization' could not be found (are you missing a using directive or an assembly reference?)

please advise,


Jul 19, 2009 at 4:29 AM


If you're building your web app with a mix of different versions of LinqToTwitter, then you might need to consolidate to the latest version.  If you copied just default.aspx and default.aspx.cs from the latest changeset but didn't update your linqtotwitter.dll in your web app's bin directory, I can see why you'd get that error, since WebOAuthAuthorization is pretty new and you need the latest changeset of the .dll to get that class.

Does that help?

Also, The OAuthToken and OAuthTokenSecret properties were removed very recently as well.  "Why?" you ask.  Because with the new OAuth code it didn't fit, and it is rarely necessary anyway.  For a desktop Twitter app, the OAuth token is automatically stored in the Windows Credential store implicitly for you.  And if you're building a Twitter web app, just change the way the InMemoryTokenManager works to suit your needs.

Jul 19, 2009 at 4:47 AM


thanks for your help here, i downloaded 56603 in the LinqToTwitterWebFormsDemo folder > bin

the only dll in there is Microsoft.Contracts.dll am i on the wrong one?


Jul 19, 2009 at 5:03 AM

You need to download the entire codebase and build the LinqToTwitter project so that the linqtotwitter.dll is put into the sample web app's Bin directory.

Jul 20, 2009 at 8:44 PM

trying to compile the class files - i get an error

Error 1 The type or namespace name 'Mvc' does not exist in the namespace 'System.Web' (are you missing an assembly reference?) C:\web\linqtwit\App_Code\MvcOAuthAuthorization.cs 11 18 C:\web\linqtwit\

i have .net 3.5 framework installed - please advise.

Jul 20, 2009 at 9:20 PM


You need to install ASP.NET MVC in order to build Linq2Twitter.

Jul 20, 2009 at 10:50 PM


ok i installed that now i get to here

Error 1 The type or namespace name 'IWin32Window' does not exist in the namespace 'System.Windows.Forms' (are you missing an assembly reference?) C:\web\linqtwit\App_Code\Utilities.cs 20 43 C:\web\linqtwit\


Jul 21, 2009 at 12:17 AM

You compiled from 56603 change set?

Jul 21, 2009 at 1:45 AM

Jeff, look for compile warnings above the error you mentioned and see what they say.  IWin32Window comes from the System.Windows.Forms.dll, which you should definitely already have.

Jul 21, 2009 at 2:47 AM

ervinter, aarnott,

yeah i believe it's 56603

i did not have system.web.foms - so i added that and now i have this one last error it seems

Error 1 The type or namespace name 'Window' could not be found (are you missing a using directive or an assembly reference?) C:\web\linqtwit\App_Code\Utilities.cs 84 56 C:\web\linqtwit\


Jul 21, 2009 at 3:15 AM

For that one you need the WPF assemblies.  You should see a warning above this error as well indicating which assembly you're missing.

How is it that you're missing these assemblies?

Jul 21, 2009 at 6:10 AM

got it - thanks for the replies...

will this work very similiar for a .net facebook authorization?


Jul 21, 2009 at 6:34 AM

Unfortunately, no. LinqToTwitter doesn't support Facebook, and Facebook doesn't support OAuth.

Jul 23, 2009 at 6:04 PM

ok so in the web demo

I see how to get the accessToken

<font size="2">



string accessToken = auth.CompleteAuthorize();if (accessToken != null)// Store the access token in session state so we can get at it across page refreshes. <font size="2">



// In a real app, you'd want to associate this access token with the user that is  // logged into your app at this point. <font size="2">



this.AccessToken = accessToken;

how do i get the OAuthTokenSecret that will prevent them from having to allow access everytime the user comes in? I would think i pass some method the accessToken just not sure what to call?


Jul 23, 2009 at 6:37 PM

The OAuth tokens and secrets are stored and retrieved using the ITokenManager that is in the Code directory of the sample web app.  For a real app, you'd change the InMemoryTokenManager class to a class that actually reads/writes these tokens to a database.  Then the only work left to do in the code you just referenced is look up the token itself (not its secret) based on the logged in user and set it as you see in the sample.

Jul 24, 2009 at 4:31 AM

I too am trying to get the secret token.

Should this work? I am getting an authtoken, just not sure how to get the secret token.


if (accessToken != null)
                // Store the access token in session state so we can get at it across page refreshes.
                // In a real app, you'd want to associate this access token with the user that is
                // logged into your app at this point.
                string TS = TokenManager.GetTokenSecret(accessToken);
                this.AccessToken = accessToken;
                lblSecretToken.Text = TS;



Jul 24, 2009 at 4:37 AM


Yes, the code you proposed ought to work.  But I don't know why you'd ever want to fish out the token secret. The token manager stores and retrieves these secrets as needed (and you'll need to adjust these methods to use a database rather than just memory).  So why would any other part of your web application need to read these secrets out?

Jul 24, 2009 at 2:46 PM

Aarnott - i think nhuey is like me - i'm just trying to see the secretoken (writing it to a label), to see how it's diff than the authtoken as i am picturing it the auth token basically says yes i have authorized this app to access my twitter credentials and the secret token is obtained and stored so they don't have to authorize each time. Maybe it's because i'm not all that familiar with linq - but i am still missing how we get the secret token back for storage. Maybe another example of a simple text box posting a status update on behalf of the authenticated user would help.

Jul 24, 2009 at 3:02 PM

Ah, so it sounds like you want a sample in the web app project of how to post an update... and at the moment you two may be thinking you'll need to get the token secret to do that?  Ok, I can help with that.  I'll whip up a quick sample, check it in, and post here again. 

Jul 24, 2009 at 4:17 PM

Changeset 57137 contains an update posting web sample.

Jul 24, 2009 at 10:08 PM

Thanks Andrew, I think that one will be helpful for many people.


Jul 25, 2009 at 12:14 AM

yes very much so - thanks Andrew and Joe!

Jul 29, 2009 at 2:42 PM

First, let me say thank you for the example. It works great.

However, for some reason I'm still in some need of a little help.

I saw your comments in the code about storing the tokens in a database and then feeding them back in. My question is where/what exactly do I need to feed in?

From looking at the code it looks like I need to pass in the stored value to tokensAndSecrets as well as set AccessToken.

When I manually set the token for testing, I get a 401 authorization error. I'm not really sure what else I need to set.

Thanks for any help.

Jul 29, 2009 at 7:03 PM

i too am still having issues, here is what i've attempted to do.

auth = new WebOAuthAuthorization(InMemoryTokenManager.Instance, "myaccessotkengoesherefromthedatabaselookup");

when it runs i get this "Failure looking up secret for consumer or token."

the secret for the consumer is in the web config and is correct - that should not be an issue. seems something where my accesstoken is not finding the tokensandsecret

i have previously given my twitter account access to the application.

please advise,



Jul 30, 2009 at 12:56 AM

In a real app, tokensAndSecrets should be deleted.  It's an in-memory array that should never be in a production app.  In fact the InMemoyTokenManager is almost totally scrap for a real web site. Just implement the same interface that InMemoryTokenManager does, and implement each method as trivially as possible by accessing your database to respond to whatever the method caller is asking for, and that should do it.

The AccessToken property is just for sample-supporting purposes as well.  Presumably you already have a way to tell which of your users are logged in.  And your database had better associate the access token you get from Twitter with a user account.  So you should be using the access token for the right user.  It probably doesn't belong on your TokenManager class at all.

Does that help?

Jul 30, 2009 at 4:32 AM

1. the user logs in
2. we have the logged username
3. we check the table that holds the twitter username and accesstoken (we are NOT holding the tokenandsecrect in the database)for this logged in user per your and other readings advice.
4. If once exists we call what method??? in the intokenmemory class to eliminate the user from having to authenticate each and everytime they login?

i thought i would pass the logged in users twitter accesstoken and it would look up to see if the tokensandsecret matches the accesstoken for our app.

we want them to be able to tweet from the main menu of our site about certain things they may be doing - but we don't want them to have to authenticate each time to twitter.

i was attempting to do this once we have a logged in user
--- stored proc connction  ---
object _TwitterToken = cmd.ExecuteScalar();
        string DBAccessToken = _TwitterToken.ToString();

        auth = new WebOAuthAuthorization(InMemoryTokenManager.Instance, DBAccessToken.ToString());

it seems that running the web sample postonly - all i need is an accesstoken for the logged in user - i have that i am just not sure what method to feed it into.

as always thank you very, much am learning lots.

Jul 30, 2009 at 5:48 AM

You're getting there...

You are correctly passing the user's access token to the WebOAuthAuthorization class.  The class turns around and uses the IConsumerTokenManager object you passed it as a first parameter to get the token secret.  It takes the access token you gave it in the second parameter, asks the token manager you gave it "give me the token secret for this access token" by calling a method on that interface.  Your token manager must then query the database for the token secret.  Whether you store that secret in a TokensAndSecrets table, or just in the same table and row as your user record is up to you.  But the token manager returns the token secret and then the library takes over the rest of the OAuth stuff.  

So yes, absolutely the idea is that the user only has to authorize your app once to do Twitter stuff and from then on it just works.  So obviously to make that work you need to store their access token and secret to begin with.  The storing of the access token and secret is something the library will call your token manager to do.  But if you store these tokens in their own table, record the association of access token with the user account so you can look it up later as you have done in your last message.