(Delphi DLL) Twitter OAuth1 Authorization (3-legged)

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, FileAccess, Hashtable, Socket, HttpResponse, StringBuilder, JsonObject, HttpRequest, Task;

...

procedure TForm1.Button1Click(Sender: TObject);
var
consumerKey: PWideChar;
consumerSecret: PWideChar;
requestTokenUrl: PWideChar;
authorizeUrl: PWideChar;
accessTokenUrl: PWideChar;
callbackUrl: PWideChar;
callbackLocalPort: Integer;
http: HCkHttp;
success: Boolean;
req: HCkHttpRequest;
resp: HCkHttpResponse;
hashTab: HCkHashtable;
requestToken: PWideChar;
requestTokenSecret: PWideChar;
sbUrlForBrowser: HCkStringBuilder;
url: PWideChar;
listenSock: HCkSocket;
backLog: Integer;
maxWaitMs: Integer;
task: HCkTask;
sock: HCkSocket;
startLine: PWideChar;
requestHeader: PWideChar;
sbResponseHtml: HCkStringBuilder;
sbResponse: HCkStringBuilder;
sbStartLine: HCkStringBuilder;
numReplacements: Integer;
authVerifier: PWideChar;
accessToken: PWideChar;
accessTokenSecret: PWideChar;
userId: PWideChar;
screenName: PWideChar;
json: HCkJsonObject;
fac: HCkFileAccess;

begin
consumerKey := 'TWITTER_CONSUMER_KEY';
consumerSecret := 'TWITTER_CONSUMER_SECRET';

requestTokenUrl := 'https://api.twitter.com/oauth/request_token';
authorizeUrl := 'https://api.twitter.com/oauth/authorize';
accessTokenUrl := 'https://api.twitter.com/oauth/access_token';

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl := 'http://localhost:3017/';
callbackLocalPort := 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http := CkHttp_Create();

CkHttp_putOAuth1(http,True);
CkHttp_putOAuthConsumerKey(http,consumerKey);
CkHttp_putOAuthConsumerSecret(http,consumerSecret);

req := CkHttpRequest_Create();
CkHttpRequest_AddParam(req,'oauth_callback',callbackUrl);

resp := CkHttp_PostUrlEncoded(http,requestTokenUrl,req);
if (CkHttp_getLastMethodSuccess(http) <> True) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:  
// oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add('Failed response status code: ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
    CkHttpResponse_Dispose(resp);
    Exit;
  end;

hashTab := CkHashtable_Create();
CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp));

requestToken := CkHashtable__lookupStr(hashTab,'oauth_token');
requestTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret');
CkHttp_putOAuthTokenSecret(http,requestTokenSecret);

CkHttpResponse_Dispose(resp);

Memo1.Lines.Add('oauth_token = ' + requestToken);
Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the authorizeUrl
// This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser := CkStringBuilder_Create();
CkStringBuilder_Append(sbUrlForBrowser,authorizeUrl);
CkStringBuilder_Append(sbUrlForBrowser,'?oauth_token=');
CkStringBuilder_Append(sbUrlForBrowser,requestToken);
url := CkStringBuilder__getAsString(sbUrlForBrowser);

// At this point, your application should load the URL in a browser.
// For example, 
// in C#: System.Diagnostics.Process.Start(url);
// in Java: Desktop.getDesktop().browse(new URI(url));
// in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
//              wsh.Run url
// in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
// in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
// The Microsoft account owner would interactively accept or deny the authorization request.

// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...

// When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock := CkSocket_Create();

backLog := 5;
success := CkSocket_BindAndListen(listenSock,callbackLocalPort,backLog);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(listenSock));
    Exit;
  end;

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
maxWaitMs := 60000;
task := CkSocket_AcceptNextConnectionAsync(listenSock,maxWaitMs);
CkTask_Run(task);

// At this point, your application should load the URL in a browser.
// For example, 
// in C#: System.Diagnostics.Process.Start(url);
// in Java: Desktop.getDesktop().browse(new URI(url));
// in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
//              wsh.Run url
// in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
// in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
// The Twitter account owner would interactively accept or deny the authorization request.

// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// System.Diagnostics.Process.Start(url);

// Wait for the listenSock's task to complete.
success := CkTask_Wait(task,maxWaitMs);
if (not success or (CkTask_getStatusInt(task) <> 7) or (CkTask_getTaskSuccess(task) <> True)) then
  begin
    if (not success) then
      begin
        // The task.LastErrorText applies to the Wait method call.
        Memo1.Lines.Add(CkTask__lastErrorText(task));
      end
    else
      begin
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Memo1.Lines.Add(CkTask__status(task));
        Memo1.Lines.Add(CkTask__resultErrorText(task));
      end;
    CkTask_Dispose(task);
    Exit;
  end;

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Stop listening on port 3017.
CkSocket_Close(listenSock,10);

// First get the connected socket.
sock := CkSocket_Create();
CkSocket_LoadTaskResult(sock,task);
CkTask_Dispose(task);

// Read the start line of the request..
startLine := CkSocket__receiveUntilMatch(sock,#13#10);
if (CkSocket_getLastMethodSuccess(sock) <> True) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// Read the request header.
requestHeader := CkSocket__receiveUntilMatch(sock,#13#10 + #13#10);
if (CkSocket_getLastMethodSuccess(sock) <> True) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
sbResponseHtml := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponseHtml,'<html><body><p>Chilkat thanks you!</b></body</html>');

sbResponse := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponse,'HTTP/1.1 200 OK' + #13#10);
CkStringBuilder_Append(sbResponse,'Content-Length: ');
CkStringBuilder_AppendInt(sbResponse,CkStringBuilder_getLength(sbResponseHtml));
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_Append(sbResponse,'Content-Type: text/html' + #13#10);
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_AppendSb(sbResponse,sbResponseHtml);

CkSocket_SendString(sock,CkStringBuilder__getAsString(sbResponse));
CkSocket_Close(sock,50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
sbStartLine := CkStringBuilder_Create();
CkStringBuilder_Append(sbStartLine,startLine);
numReplacements := CkStringBuilder_Replace(sbStartLine,'GET /?','');
numReplacements := CkStringBuilder_Replace(sbStartLine,' HTTP/1.1','');
CkStringBuilder_Trim(sbStartLine);

// oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
Memo1.Lines.Add('startline: ' + CkStringBuilder__getAsString(sbStartLine));

CkHashtable_Clear(hashTab);
CkHashtable_AddQueryParams(hashTab,CkStringBuilder__getAsString(sbStartLine));

requestToken := CkHashtable__lookupStr(hashTab,'oauth_token');
authVerifier := CkHashtable__lookupStr(hashTab,'oauth_verifier');

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

CkHttp_putOAuthToken(http,requestToken);
CkHttp_putOAuthVerifier(http,authVerifier);

// We don't need the "Authorization: OAuth ..." header for this POST.
CkHttp_putOAuth1(http,False);
CkHttpRequest_RemoveParam(req,'oauth_callback');
CkHttpRequest_AddParam(req,'oauth_verifier',authVerifier);
CkHttpRequest_AddParam(req,'oauth_token',requestToken);

resp := CkHttp_PostUrlEncoded(http,accessTokenUrl,req);
if (CkHttp_getLastMethodSuccess(http) <> True) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// Make sure a successful response was received.
if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add(CkHttpResponse__statusLine(resp));
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:
// oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

CkHashtable_Clear(hashTab);
CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp));

accessToken := CkHashtable__lookupStr(hashTab,'oauth_token');
accessTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret');
userId := CkHashtable__lookupStr(hashTab,'user_id');
screenName := CkHashtable__lookupStr(hashTab,'screen_name');

CkHttpResponse_Dispose(resp);

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Memo1.Lines.Add('Access Token = ' + accessToken);
Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret);
Memo1.Lines.Add('user_id = ' + userId);
Memo1.Lines.Add('screen_name  = ' + screenName);

// Save this access token for future calls.
// Just in case we need user_id and screen_name, save those also..
json := CkJsonObject_Create();
CkJsonObject_AppendString(json,'oauth_token',accessToken);
CkJsonObject_AppendString(json,'oauth_token_secret',accessTokenSecret);
CkJsonObject_AppendString(json,'user_id',userId);
CkJsonObject_AppendString(json,'screen_name',screenName);

fac := CkFileAccess_Create();
CkFileAccess_WriteEntireTextFile(fac,'qa_data/tokens/twitter.json',CkJsonObject__emit(json),'utf-8',False);

Memo1.Lines.Add('Success.');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHashtable_Dispose(hashTab);
CkStringBuilder_Dispose(sbUrlForBrowser);
CkSocket_Dispose(listenSock);
CkSocket_Dispose(sock);
CkStringBuilder_Dispose(sbResponseHtml);
CkStringBuilder_Dispose(sbResponse);
CkStringBuilder_Dispose(sbStartLine);
CkJsonObject_Dispose(json);
CkFileAccess_Dispose(fac);

end;