(Delphi ActiveX) Twitter OAuth1 Authorization (3-legged)

Demonstrates 3-legged OAuth1 authorization for Twitter.

Chilkat for Delphi Downloads Chilkat ActiveX DLL for Delphi Chilkat non-ActiveX DLL for Delphi * The examples here use the ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
consumerKey: WideString;
consumerSecret: WideString;
requestTokenUrl: WideString;
authorizeUrl: WideString;
accessTokenUrl: WideString;
callbackUrl: WideString;
callbackLocalPort: Integer;
http: TChilkatHttp;
success: Integer;
req: TChilkatHttpRequest;
resp: IChilkatHttpResponse;
hashTab: TChilkatHashtable;
requestToken: WideString;
requestTokenSecret: WideString;
sbUrlForBrowser: TChilkatStringBuilder;
url: WideString;
listenSock: TChilkatSocket;
backLog: Integer;
maxWaitMs: Integer;
task: IChilkatTask;
sock: TChilkatSocket;
startLine: WideString;
requestHeader: WideString;
sbResponseHtml: TChilkatStringBuilder;
sbResponse: TChilkatStringBuilder;
sbStartLine: TChilkatStringBuilder;
numReplacements: Integer;
authVerifier: WideString;
accessToken: WideString;
accessTokenSecret: WideString;
userId: WideString;
screenName: WideString;
json: TChilkatJsonObject;
fac: TCkFileAccess;

begin
consumerKey := 'TWITTER_CONSUMER_KEY';
consumerSecret := 'TWITTER_CONSUMER_SECRET';

requestTokenUrl := 'https://api.twitter.com/oauth/request_token';
authorizeUrl := 'https://api.twitter.com/oauth/authorize';
accessTokenUrl := 'https://api.twitter.com/oauth/access_token';

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl := 'http://localhost:3017/';
callbackLocalPort := 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http := TChilkatHttp.Create(Self);

http.OAuth1 := 1;
http.OAuthConsumerKey := consumerKey;
http.OAuthConsumerSecret := consumerSecret;

req := TChilkatHttpRequest.Create(Self);
req.AddParam('oauth_callback',callbackUrl);

resp := http.PostUrlEncoded(requestTokenUrl,req.ControlInterface);
if (http.LastMethodSuccess <> 1) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:  
// oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
Memo1.Lines.Add(resp.BodyStr);

if (resp.StatusCode <> 200) then
  begin
    Memo1.Lines.Add('Failed response status code: ' + IntToStr(resp.StatusCode));

    Exit;
  end;

hashTab := TChilkatHashtable.Create(Self);
hashTab.AddQueryParams(resp.BodyStr);

requestToken := hashTab.LookupStr('oauth_token');
requestTokenSecret := hashTab.LookupStr('oauth_token_secret');
http.OAuthTokenSecret := requestTokenSecret;

Memo1.Lines.Add('oauth_token = ' + requestToken);
Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the authorizeUrl
// This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser := TChilkatStringBuilder.Create(Self);
sbUrlForBrowser.Append(authorizeUrl);
sbUrlForBrowser.Append('?oauth_token=');
sbUrlForBrowser.Append(requestToken);
url := sbUrlForBrowser.GetAsString();

// At this point, your application should load the URL in a browser.
// For example, 
// in C#: System.Diagnostics.Process.Start(url);
// in Java: Desktop.getDesktop().browse(new URI(url));
// in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
//              wsh.Run url
// in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
// in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
// The Microsoft account owner would interactively accept or deny the authorization request.

// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...

// When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock := TChilkatSocket.Create(Self);

backLog := 5;
success := listenSock.BindAndListen(callbackLocalPort,backLog);
if (success <> 1) then
  begin
    Memo1.Lines.Add(listenSock.LastErrorText);
    Exit;
  end;

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
maxWaitMs := 60000;
task := listenSock.AcceptNextConnectionAsync(maxWaitMs);
task.Run();

// At this point, your application should load the URL in a browser.
// For example, 
// in C#: System.Diagnostics.Process.Start(url);
// in Java: Desktop.getDesktop().browse(new URI(url));
// in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
//              wsh.Run url
// in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
// in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
// The Twitter account owner would interactively accept or deny the authorization request.

// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// System.Diagnostics.Process.Start(url);

// Wait for the listenSock's task to complete.
success := task.Wait(maxWaitMs);
if (not success or (task.StatusInt <> 7) or (task.TaskSuccess <> 1)) then
  begin
    if (not success) then
      begin
        // The task.LastErrorText applies to the Wait method call.
        Memo1.Lines.Add(task.LastErrorText);
      end
    else
      begin
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Memo1.Lines.Add(task.Status);
        Memo1.Lines.Add(task.ResultErrorText);
      end;

    Exit;
  end;

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Stop listening on port 3017.
listenSock.Close(10);

// First get the connected socket.
sock := TChilkatSocket.Create(Self);
sock.LoadTaskResult(task);

// Read the start line of the request..
startLine := sock.ReceiveUntilMatch(#13#10);
if (sock.LastMethodSuccess <> 1) then
  begin
    Memo1.Lines.Add(sock.LastErrorText);
    Exit;
  end;

// Read the request header.
requestHeader := sock.ReceiveUntilMatch(#13#10 + #13#10);
if (sock.LastMethodSuccess <> 1) then
  begin
    Memo1.Lines.Add(sock.LastErrorText);
    Exit;
  end;

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
sbResponseHtml := TChilkatStringBuilder.Create(Self);
sbResponseHtml.Append('<html><body><p>Chilkat thanks you!</b></body</html>');

sbResponse := TChilkatStringBuilder.Create(Self);
sbResponse.Append('HTTP/1.1 200 OK' + #13#10);
sbResponse.Append('Content-Length: ');
sbResponse.AppendInt(sbResponseHtml.Length);
sbResponse.Append(#13#10);
sbResponse.Append('Content-Type: text/html' + #13#10);
sbResponse.Append(#13#10);
sbResponse.AppendSb(sbResponseHtml.ControlInterface);

sock.SendString(sbResponse.GetAsString());
sock.Close(50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
sbStartLine := TChilkatStringBuilder.Create(Self);
sbStartLine.Append(startLine);
numReplacements := sbStartLine.Replace('GET /?','');
numReplacements := sbStartLine.Replace(' HTTP/1.1','');
sbStartLine.Trim();

// oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
Memo1.Lines.Add('startline: ' + sbStartLine.GetAsString());

hashTab.Clear();
hashTab.AddQueryParams(sbStartLine.GetAsString());

requestToken := hashTab.LookupStr('oauth_token');
authVerifier := hashTab.LookupStr('oauth_verifier');

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

http.OAuthToken := requestToken;
http.OAuthVerifier := authVerifier;

// We don't need the "Authorization: OAuth ..." header for this POST.
http.OAuth1 := 0;
req.RemoveParam('oauth_callback');
req.AddParam('oauth_verifier',authVerifier);
req.AddParam('oauth_token',requestToken);

resp := http.PostUrlEncoded(accessTokenUrl,req.ControlInterface);
if (http.LastMethodSuccess <> 1) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

// Make sure a successful response was received.
if (resp.StatusCode <> 200) then
  begin
    Memo1.Lines.Add(resp.StatusLine);
    Memo1.Lines.Add(resp.Header);
    Memo1.Lines.Add(resp.BodyStr);
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:
// oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
Memo1.Lines.Add(resp.BodyStr);

hashTab.Clear();
hashTab.AddQueryParams(resp.BodyStr);

accessToken := hashTab.LookupStr('oauth_token');
accessTokenSecret := hashTab.LookupStr('oauth_token_secret');
userId := hashTab.LookupStr('user_id');
screenName := hashTab.LookupStr('screen_name');

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Memo1.Lines.Add('Access Token = ' + accessToken);
Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret);
Memo1.Lines.Add('user_id = ' + userId);
Memo1.Lines.Add('screen_name  = ' + screenName);

// Save this access token for future calls.
// Just in case we need user_id and screen_name, save those also..
json := TChilkatJsonObject.Create(Self);
json.AppendString('oauth_token',accessToken);
json.AppendString('oauth_token_secret',accessTokenSecret);
json.AppendString('user_id',userId);
json.AppendString('screen_name',screenName);

fac := TCkFileAccess.Create(Self);
fac.WriteEntireTextFile('qa_data/tokens/twitter.json',json.Emit(),'utf-8',0);

Memo1.Lines.Add('Success.');
end;