Random thoughts shooting out of volatile mind
Android: OAuth authentication with twitter using oauth-signpost
Twitter has recently stopped supporting the Basic Authentication scheme in its API; from now on every app that uses the Twitter API should use the OAuth authentication system. To learn what OAuth is, refer to this wiki article and the official OAuth website.
It took me a few days to completely understand what is actually going on behind the scenes in the OAuth authentication scheme, thanks to this wonderful article.
Before starting with the tutorial, I assume that you know the basics of Android, like creating a project, editing manifest files and configuring build paths. I won't be covering those here.
  1. To use OAuth on Android we will use a library called oauth-signpost, written in Java and freely available here. Download the oauth-signpost core and commons http jars. Add these jars to the assets folder of your Android project and add them to your project build path.
  2. Before we begin we need to create an application on Twitter and get our consumer key and consumer secret. Please go to this page and register your application.
    • Application Name: the unique name for your application, which appears in your Twitter status messages.
    • Application Type: Select browser.
    • Callback URI: You can give any URL for now; we are going to provide the actual callback URL from our application code.
    • Once you are done creating the application, copy the consumer key and consumer secret to a safe place.
  3. Twitter uses the callback URL to send the verification PIN back to our application. Normally the browser type is used only for web applications, but what we are going to do is make our Android application browsable and use Android's data URI schemes to get the PIN back from Twitter. The other approach is to set the application type to client. In that case the verification number is displayed in the browser and you should ask your user to manually enter the verification number in a specified text box.
  4. To make the application browsable and register the data URI scheme with the Android runtime, add the following intent filter to your activity in AndroidManifest.xml. Browsable means your application can be launched using the data URI scheme registered in the Android manifest. For example, you can open the Android browser and type in scheme://host and it will launch your application; you can also pass data to the application in the URI.
  5. Now declare the following variables, changing the consumer key and secret to the values you copied in step 2. Note that I'm declaring the CommonsHttpOAuthConsumer, OAuthProvider and HttpClient as static. I'll explain the reason later.
  6. Now add a button to your view (main.xml) and add the following code to your activity's onCreate function.
  7. What we are actually doing here is retrieving the unauthorized token and token secret from Twitter and providing Twitter with the actual callback URL. When the user authorizes the token and token secret, the verification code is sent to this URL (i.e. the browser is redirected to this URL by Twitter). Let's see what is really happening in the backend. Twitter redirects the browser to the callback URL with oauth_token and oauth_verifier as query parameters. For example, in our case to the URL scheme://host?oauth_token=1xx&oauth_verifier=1234. Since we are using an Android data URI scheme as the callback URL, the browser simply relaunches our application, passing it the oauth_token and oauth_verifier as intent data.
  8. Since Android supports multitasking, relaunching just brings our application to the foreground and control comes to the onResume function. We need to add the following code to our onResume function.
  9. Now I'll tell you why I declared 3 variables as static. As you see, when the user clicks the button we launch the browser with the authorize URL, making our activity go to the background. And when the browser returns, if I didn't declare my consumer object as static I'd get an error while trying to retrieve the authorized token and token secret, with the exception message "Authorized token and token secret not set did you already retrived the authorized token and token secret". After a while of googling I got this solution. It looks like these fields in the consumer object were getting reset, I think maybe because of GC. Anyway, instead of reinitializing and going through all the pain once again, I thought of declaring these variables as static and it worked like a charm!
  10. Save the access token and access secret obtained in step 8 in a safe place. These should be used in your further interactions with Twitter without making the user log in to Twitter again. Note that Twitter doesn't expire the access token and secret. They expire only when the user revokes the application's permission.
In the above example you might have noticed that I never used the HTTP client which is declared. Wondering why? Well, it's used for posting statuses or retrieving timelines from Twitter. You can ignore that variable :).
Thanks to this tutorial which helped me in writing the above code. It looks like the version of the oauth-signpost library used in that post is older than the one I used. In the next part I'll show how to fetch the timeline from Twitter and also post a status update to Twitter. Till then C ya :).
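The flow from steps 5 to 10 in one activity, as an added example (not the author's original code): it also checks the callback before trusting it, because any app or web page can open a custom-scheme URI. The callback `myapp://twitter-callback`, the class name, the key placeholders, the preferences file name and the Twitter endpoint URLs are assumptions, and the manifest intent filter from step 4 is assumed to register the same scheme and host.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.util.Log;
import oauth.signpost.OAuth;
import oauth.signpost.OAuthProvider;
import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer;
import oauth.signpost.commonshttp.CommonsHttpOAuthProvider;

public class TwitterAuthActivity extends Activity {
    // Assumed value: must match the scheme/host in the manifest intent filter (step 4).
    static final String CALLBACK = "myapp://twitter-callback";
    // Static so the request token survives the browser round trip (step 9).
    static CommonsHttpOAuthConsumer consumer =
            new CommonsHttpOAuthConsumer("CONSUMER_KEY_PLACEHOLDER", "CONSUMER_SECRET_PLACEHOLDER");
    static OAuthProvider provider = new CommonsHttpOAuthProvider(
            "https://api.twitter.com/oauth/request_token",   // assumed endpoint URLs
            "https://api.twitter.com/oauth/access_token",
            "https://api.twitter.com/oauth/authorize");

    void startLogin() { // step 6: call this from the button's click handler
        new Thread(() -> {
            try { // the request token and secret end up stored inside consumer
                String authUrl = provider.retrieveRequestToken(consumer, CALLBACK);
                startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(authUrl)));
            } catch (Exception e) { Log.e("TwitterAuth", "request token failed", e); }
        }).start();
    }

    // Covers launch modes where the callback is delivered to an existing instance.
    @Override protected void onNewIntent(Intent i) { super.onNewIntent(i); setIntent(i); }

    @Override protected void onResume() { // step 8
        super.onResume();
        Uri uri = getIntent().getData(), expected = Uri.parse(CALLBACK);
        if (uri == null || !expected.getScheme().equals(uri.getScheme())
                || !expected.getHost().equals(uri.getHost())) return;
        String token = uri.getQueryParameter(OAuth.OAUTH_TOKEN);
        final String verifier = uri.getQueryParameter(OAuth.OAUTH_VERIFIER);
        // Intent data is untrusted: accept it only for the request token we hold.
        if (token == null || verifier == null || !token.equals(consumer.getToken())) return;
        setIntent(new Intent()); // never process the same callback twice
        new Thread(() -> {
            try { // exchange request token + verifier for the access token (step 10)
                provider.retrieveAccessToken(consumer, verifier);
                getSharedPreferences("twitter_oauth", MODE_PRIVATE).edit()
                        .putString("token", consumer.getToken())
                        .putString("secret", consumer.getTokenSecret()).commit();
            } catch (Exception e) { Log.e("TwitterAuth", "access token failed", e); }
        }).start();
    }
}
```

`MODE_PRIVATE` restricts the preferences file to the app's own UID, but the token and secret are still stored in plaintext on disk.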
Posted by: copyninja on Sunday, 26 September 2010
