2

I have a web application in which any user if opt for social media automation such as twitter, they click on twitter button and a oauth procedure is done. That oauth process is done using php.

I store the oauth token and oauth secret for that particular user in the database.

Now I have four keys:

ConsumerKey // common for all as it is the key of app in dev.twitter.com
ConsumerSecret // common for all as it is the secret of app in dev.twitter.com
OauthToken //store in database, which keeps on changing as other user activates the socia media
OauthTokenSecret //store in database, which keeps on changing

I have applied all the authorizing technique like below:

 var auth = new MvcAuthorizer
            {
                Credentials = new InMemoryCredentials
                {
                    ConsumerKey = "###################",
                    ConsumerSecret = "##################",
                    OAuthToken = token,
                    AccessToken = secret
                }
            };
            auth.Authorize(); 


 var auth = new SingleUserAuthorizer
            {
                Credentials = new InMemoryCredentials
                {
                    ConsumerKey = "###############",
                    ConsumerSecret = "#############################",
                    OAuthToken = token,
                    AccessToken = secret
                }
            };
            auth.Authorize();

The problem is if I enter the Token and secret which is given on the site dev.twitter.com everything works fine but if I provide the token and secret stored in the database it does not authenticate the user.

Furquan Khan
  • 1,586
  • 1
  • 15
  • 30

1 Answers1

1

On SingleUserAuthorizer, don't call Authorize. Also, any time you provide all 4 credentials to any authorizer, you don't need to call Authoirize. LINQ to Twitter will use those credentials to build the authorization header.

The case where you would call authorize is if you only provided ConsumerKey and ConsumerSecret and the authorizer type is not SingleUserAuthorizer. Authorize implements the part of the OAuth protocol that gets the OAuthToken and AccessToken.

Your syntax for SingleUserAuthorizer should work, but here's another way that matches keys to how the Twitter app page names them:

        var auth = new SingleUserAuthorizer
        {
            Credentials = new SingleUserInMemoryCredentials
            {
                ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"],
                ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"],
                TwitterAccessToken = ConfigurationManager.AppSettings["twitterAccessToken"],
                TwitterAccessTokenSecret = ConfigurationManager.AppSettings["twitterAccessTokenSecret"]
            }
        };
Joe Mayo
  • 7,501
  • 7
  • 41
  • 60
  • what if I use different accesstoken and secret everytime. will it authenticate. – Furquan Khan Jan 14 '14 at 05:10
  • because token and secret differ for different users. And when I provide this token and secret it gives me 403 error and If i provide the token and secret which is there on the site dev.twitter.com for my app it works fine but with only one user credential – Furquan Khan Jan 14 '14 at 05:12
  • For users, you could also use a PinAuthorizer and provide all 4 tokens. – Joe Mayo Jan 14 '14 at 17:04
  • Do we have any way that user does not need to put the pin – Furquan Khan Jan 15 '14 at 08:20
  • Ok tell me one thing. Suppose my Consumer key is `x` and secret be `y` and suppose a user is `u`. Now my question is the token and secret generated for this key and secret would be always same for the user `u`? – Furquan Khan Jan 15 '14 at 09:03
  • And you now what AspNetAuthorizer does not support .Net 3.5 framework. – Furquan Khan Jan 15 '14 at 11:16
  • 1
    @FurquanKhan You don't need a PIN when you provide all 4 credentials. ConsumerToken and ConsumerSecret are always the same for your app. OAuthToken and AccessToken are unique for the person. TwitterAccessToken and TwitterAccessTokenSecret are user tokens for your app. AspNetAuthorizer is part of LinqToTwitter v3.0, which is async and only supports .NET v4.5 and above. If you need to support .NET 3.5, use LinqToTwitter 2.1. – Joe Mayo Jan 15 '14 at 17:25
  • Is LinqToTwitter using https? – Furquan Khan Jan 17 '14 at 13:16
  • 1
    Yes, LINQ to Twitter does use HTTPS. Here's a thread where I recently discussed it in more depth: https://linqtotwitter.codeplex.com/discussions/483862 – Joe Mayo Jan 17 '14 at 17:08
  • Let me explain to my scenario again. I am using .Net version 3.5. I made the twitter app and got the key and secret. Now I have a php code which handles the Authorization process and store the AccessToken and AccessTokenSecret in a db. What I do is, I already have the app consumer key and secret now I fetch those saved token and secret from the db. So which authorisation process should i follow now inorder to post tweets on user behalf or any communication with twitter. – Furquan Khan Jan 27 '14 at 08:27
  • Use a PinAuthorizer in this case and store AccessToken and AccessTokenSecret in OAuthToken and AccessToken, respectively. If you give PinAuthorizer all 4 tokens, it will just work without separate authorization. – Joe Mayo Jan 27 '14 at 16:09