Sample code for 30+ languages & platforms
Delphi DLL

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, FileAccess, Hashtable, Socket, HttpResponse, OAuth2, StringBuilder, JsonObject, HttpRequest, Task;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
consumerKey: PWideChar;
consumerSecret: PWideChar;
requestTokenUrl: PWideChar;
authorizeUrl: PWideChar;
accessTokenUrl: PWideChar;
callbackUrl: PWideChar;
callbackLocalPort: Integer;
http: HCkHttp;
req: HCkHttpRequest;
resp: HCkHttpResponse;
hashTab: HCkHashtable;
requestToken: PWideChar;
requestTokenSecret: PWideChar;
sbUrlForBrowser: HCkStringBuilder;
url: PWideChar;
oauth2: HCkOAuth2;
listenSock: HCkSocket;
backLog: Integer;
sock: HCkSocket;
maxWaitMs: Integer;
task: HCkTask;
startLine: PWideChar;
requestHeader: PWideChar;
sbResponseHtml: HCkStringBuilder;
sbResponse: HCkStringBuilder;
sbStartLine: HCkStringBuilder;
numReplacements: Integer;
authVerifier: PWideChar;
accessToken: PWideChar;
accessTokenSecret: PWideChar;
userId: PWideChar;
screenName: PWideChar;
json: HCkJsonObject;
fac: HCkFileAccess;

begin
success := False;

consumerKey := 'TWITTER_CONSUMER_KEY';
consumerSecret := 'TWITTER_CONSUMER_SECRET';

requestTokenUrl := 'https://api.twitter.com/oauth/request_token';
authorizeUrl := 'https://api.twitter.com/oauth/authorize';
accessTokenUrl := 'https://api.twitter.com/oauth/access_token';

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl := 'http://localhost:3017/';
callbackLocalPort := 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http := CkHttp_Create();

CkHttp_putOAuth1(http,True);
CkHttp_putOAuthConsumerKey(http,consumerKey);
CkHttp_putOAuthConsumerSecret(http,consumerSecret);

req := CkHttpRequest_Create();
CkHttpRequest_AddParam(req,'oauth_callback',callbackUrl);

CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,requestTokenUrl,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:  
// oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add('Failed response status code: ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
    Exit;
  end;

hashTab := CkHashtable_Create();
CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp));

requestToken := CkHashtable__lookupStr(hashTab,'oauth_token');
requestTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret');
CkHttp_putOAuthTokenSecret(http,requestTokenSecret);

Memo1.Lines.Add('oauth_token = ' + requestToken);
Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the authorizeUrl
// This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser := CkStringBuilder_Create();
CkStringBuilder_Append(sbUrlForBrowser,authorizeUrl);
CkStringBuilder_Append(sbUrlForBrowser,'?oauth_token=');
CkStringBuilder_Append(sbUrlForBrowser,requestToken);
url := CkStringBuilder__getAsString(sbUrlForBrowser);

// Launch the system's default browser navigated to the URL.
oauth2 := CkOAuth2_Create();
success := CkOAuth2_LaunchBrowser(oauth2,url);
if (success = False) then
  begin
    Memo1.Lines.Add(CkOAuth2__lastErrorText(oauth2));
    Exit;
  end;

// When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock := CkSocket_Create();

backLog := 5;
success := CkSocket_BindAndListen(listenSock,callbackLocalPort,backLog);
if (success = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(listenSock));
    Exit;
  end;

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
sock := CkSocket_Create();
maxWaitMs := 60000;
task := CkSocket_AcceptNextAsync(listenSock,maxWaitMs,sock);
CkTask_Run(task);

// Wait for the listenSock's task to complete.
success := CkTask_Wait(task,maxWaitMs);
if (not success or (CkTask_getStatusInt(task) <> 7) or (CkTask_getTaskSuccess(task) <> True)) then
  begin
    if (not success) then
      begin
        // The task.LastErrorText applies to the Wait method call.
        Memo1.Lines.Add(CkTask__lastErrorText(task));
      end
    else
      begin
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Memo1.Lines.Add(CkTask__status(task));
        Memo1.Lines.Add(CkTask__resultErrorText(task));
      end;
    CkTask_Dispose(task);
    Exit;
  end;

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Stop listening on port 3017.
CkSocket_Close(listenSock,10);

CkTask_Dispose(task);

// Read the start line of the request..
startLine := CkSocket__receiveUntilMatch(sock,#13#10);
if (CkSocket_getLastMethodSuccess(sock) = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// Read the request header.
requestHeader := CkSocket__receiveUntilMatch(sock,#13#10 + #13#10);
if (CkSocket_getLastMethodSuccess(sock) = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
sbResponseHtml := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponseHtml,'<html><body><p>Chilkat thanks you!</b></body</html>');

sbResponse := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponse,'HTTP/1.1 200 OK' + #13#10);
CkStringBuilder_Append(sbResponse,'Content-Length: ');
CkStringBuilder_AppendInt(sbResponse,CkStringBuilder_getLength(sbResponseHtml));
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_Append(sbResponse,'Content-Type: text/html' + #13#10);
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_AppendSb(sbResponse,sbResponseHtml);

CkSocket_SendString(sock,CkStringBuilder__getAsString(sbResponse));
CkSocket_Close(sock,50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
sbStartLine := CkStringBuilder_Create();
CkStringBuilder_Append(sbStartLine,startLine);
numReplacements := CkStringBuilder_Replace(sbStartLine,'GET /?','');
numReplacements := CkStringBuilder_Replace(sbStartLine,' HTTP/1.1','');
CkStringBuilder_Trim(sbStartLine);

// oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
Memo1.Lines.Add('startline: ' + CkStringBuilder__getAsString(sbStartLine));

CkHashtable_Clear(hashTab);
CkHashtable_AddQueryParams(hashTab,CkStringBuilder__getAsString(sbStartLine));

requestToken := CkHashtable__lookupStr(hashTab,'oauth_token');
authVerifier := CkHashtable__lookupStr(hashTab,'oauth_verifier');

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

CkHttp_putOAuthToken(http,requestToken);
CkHttp_putOAuthVerifier(http,authVerifier);

// We don't need the "Authorization: OAuth ..." header for this POST.
CkHttp_putOAuth1(http,False);
CkHttpRequest_RemoveParam(req,'oauth_callback');
CkHttpRequest_AddParam(req,'oauth_verifier',authVerifier);
CkHttpRequest_AddParam(req,'oauth_token',requestToken);

CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

success := CkHttp_HttpReq(http,accessTokenUrl,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// Make sure a successful response was received.
if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add(CkHttpResponse__statusLine(resp));
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:
// oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

CkHashtable_Clear(hashTab);
CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp));

accessToken := CkHashtable__lookupStr(hashTab,'oauth_token');
accessTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret');
userId := CkHashtable__lookupStr(hashTab,'user_id');
screenName := CkHashtable__lookupStr(hashTab,'screen_name');

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Memo1.Lines.Add('Access Token = ' + accessToken);
Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret);
Memo1.Lines.Add('user_id = ' + userId);
Memo1.Lines.Add('screen_name  = ' + screenName);

// Save this access token for future calls.
// Just in case we need user_id and screen_name, save those also..
json := CkJsonObject_Create();
CkJsonObject_AppendString(json,'oauth_token',accessToken);
CkJsonObject_AppendString(json,'oauth_token_secret',accessTokenSecret);
CkJsonObject_AppendString(json,'user_id',userId);
CkJsonObject_AppendString(json,'screen_name',screenName);

fac := CkFileAccess_Create();
CkFileAccess_WriteEntireTextFile(fac,'qa_data/tokens/twitter.json',CkJsonObject__emit(json),'utf-8',False);

Memo1.Lines.Add('Success.');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkHashtable_Dispose(hashTab);
CkStringBuilder_Dispose(sbUrlForBrowser);
CkOAuth2_Dispose(oauth2);
CkSocket_Dispose(listenSock);
CkSocket_Dispose(sock);
CkStringBuilder_Dispose(sbResponseHtml);
CkStringBuilder_Dispose(sbResponse);
CkStringBuilder_Dispose(sbStartLine);
CkJsonObject_Dispose(json);
CkFileAccess_Dispose(fac);

end;