Sample code for 30+ languages & platforms
Objective-C

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat Objective-C Downloads

Objective-C
#import <NSString.h>
#import <CkoHttp.h>
#import <CkoHttpRequest.h>
#import <CkoHttpResponse.h>
#import <CkoHashtable.h>
#import <CkoStringBuilder.h>
#import <CkoOAuth2.h>
#import <CkoSocket.h>
#import <CkoTask.h>
#import <CkoJsonObject.h>
#import <CkoFileAccess.h>

BOOL success = NO;

NSString *consumerKey = @"TWITTER_CONSUMER_KEY";
NSString *consumerSecret = @"TWITTER_CONSUMER_SECRET";

NSString *requestTokenUrl = @"https://api.twitter.com/oauth/request_token";
NSString *authorizeUrl = @"https://api.twitter.com/oauth/authorize";
NSString *accessTokenUrl = @"https://api.twitter.com/oauth/access_token";

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
NSString *callbackUrl = @"http://localhost:3017/";
int callbackLocalPort = 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
CkoHttp *http = [[CkoHttp alloc] init];

http.OAuth1 = YES;
http.OAuthConsumerKey = consumerKey;
http.OAuthConsumerSecret = consumerSecret;

CkoHttpRequest *req = [[CkoHttpRequest alloc] init];
[req AddParam: @"oauth_callback" value: callbackUrl];

req.HttpVerb = @"POST";
req.ContentType = @"application/x-www-form-urlencoded";

CkoHttpResponse *resp = [[CkoHttpResponse alloc] init];
success = [http HttpReq: requestTokenUrl request: req response: resp];
if (success == NO) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

// If successful, the resp.BodyStr contains something like this:  
// oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
NSLog(@"%@",resp.BodyStr);

if ([resp.StatusCode intValue] != 200) {
    NSLog(@"%@%d",@"Failed response status code: ",[resp.StatusCode intValue]);
    return;
}

CkoHashtable *hashTab = [[CkoHashtable alloc] init];
[hashTab AddQueryParams: resp.BodyStr];

NSString *requestToken = [hashTab LookupStr: @"oauth_token"];
NSString *requestTokenSecret = [hashTab LookupStr: @"oauth_token_secret"];
http.OAuthTokenSecret = requestTokenSecret;

NSLog(@"%@%@",@"oauth_token = ",requestToken);
NSLog(@"%@%@",@"oauth_token_secret = ",requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the authorizeUrl
// This is an HTTP GET that we load into a popup browser.
CkoStringBuilder *sbUrlForBrowser = [[CkoStringBuilder alloc] init];
[sbUrlForBrowser Append: authorizeUrl];
[sbUrlForBrowser Append: @"?oauth_token="];
[sbUrlForBrowser Append: requestToken];
NSString *url = [sbUrlForBrowser GetAsString];

// Launch the system's default browser navigated to the URL.
CkoOAuth2 *oauth2 = [[CkoOAuth2 alloc] init];
success = [oauth2 LaunchBrowser: url];
if (success == NO) {
    NSLog(@"%@",oauth2.LastErrorText);
    return;
}

// When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
CkoSocket *listenSock = [[CkoSocket alloc] init];

int backLog = 5;
success = [listenSock BindAndListen: [NSNumber numberWithInt: callbackLocalPort] backlog: [NSNumber numberWithInt: backLog]];
if (success == NO) {
    NSLog(@"%@",listenSock.LastErrorText);
    return;
}

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
CkoSocket *sock = [[CkoSocket alloc] init];
int maxWaitMs = 60000;
CkoTask *task = [listenSock AcceptNextAsync: [NSNumber numberWithInt: maxWaitMs] socket: sock];
[task Run];

// Wait for the listenSock's task to complete.
success = [task Wait: [NSNumber numberWithInt: maxWaitMs]];
if (!success || ([task.StatusInt intValue] != 7) || (task.TaskSuccess != YES)) {
    if (!success) {
        // The task.LastErrorText applies to the Wait method call.
        NSLog(@"%@",task.LastErrorText);
    }
    else {
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        NSLog(@"%@",task.Status);
        NSLog(@"%@",task.ResultErrorText);
    }

    return;
}

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Stop listening on port 3017.
[listenSock Close: [NSNumber numberWithInt: 10]];

// Read the start line of the request..
NSString *startLine = [sock ReceiveUntilMatch: @"\r\n"];
if (sock.LastMethodSuccess == NO) {
    NSLog(@"%@",sock.LastErrorText);
    return;
}

// Read the request header.
NSString *requestHeader = [sock ReceiveUntilMatch: @"\r\n\r\n"];
if (sock.LastMethodSuccess == NO) {
    NSLog(@"%@",sock.LastErrorText);
    return;
}

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
CkoStringBuilder *sbResponseHtml = [[CkoStringBuilder alloc] init];
[sbResponseHtml Append: @"<html><body><p>Chilkat thanks you!</b></body</html>"];

CkoStringBuilder *sbResponse = [[CkoStringBuilder alloc] init];
[sbResponse Append: @"HTTP/1.1 200 OK\r\n"];
[sbResponse Append: @"Content-Length: "];
[sbResponse AppendInt: sbResponseHtml.Length];
[sbResponse Append: @"\r\n"];
[sbResponse Append: @"Content-Type: text/html\r\n"];
[sbResponse Append: @"\r\n"];
[sbResponse AppendSb: sbResponseHtml];

[sock SendString: [sbResponse GetAsString]];
[sock Close: [NSNumber numberWithInt: 50]];

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
CkoStringBuilder *sbStartLine = [[CkoStringBuilder alloc] init];
[sbStartLine Append: startLine];
int numReplacements = [[sbStartLine Replace: @"GET /?" replacement: @""] intValue];
numReplacements = [[sbStartLine Replace: @" HTTP/1.1" replacement: @""] intValue];
[sbStartLine Trim];

// oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
NSLog(@"%@%@",@"startline: ",[sbStartLine GetAsString]);

[hashTab Clear];
[hashTab AddQueryParams: [sbStartLine GetAsString]];

requestToken = [hashTab LookupStr: @"oauth_token"];
NSString *authVerifier = [hashTab LookupStr: @"oauth_verifier"];

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

http.OAuthToken = requestToken;
http.OAuthVerifier = authVerifier;

// We don't need the "Authorization: OAuth ..." header for this POST.
http.OAuth1 = NO;
[req RemoveParam: @"oauth_callback"];
[req AddParam: @"oauth_verifier" value: authVerifier];
[req AddParam: @"oauth_token" value: requestToken];

req.HttpVerb = @"POST";
req.ContentType = @"application/x-www-form-urlencoded";

success = [http HttpReq: accessTokenUrl request: req response: resp];
if (success == NO) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

// Make sure a successful response was received.
if ([resp.StatusCode intValue] != 200) {
    NSLog(@"%@",resp.StatusLine);
    NSLog(@"%@",resp.Header);
    NSLog(@"%@",resp.BodyStr);
    return;
}

// If successful, the resp.BodyStr contains something like this:
// oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
NSLog(@"%@",resp.BodyStr);

[hashTab Clear];
[hashTab AddQueryParams: resp.BodyStr];

NSString *accessToken = [hashTab LookupStr: @"oauth_token"];
NSString *accessTokenSecret = [hashTab LookupStr: @"oauth_token_secret"];
NSString *userId = [hashTab LookupStr: @"user_id"];
NSString *screenName = [hashTab LookupStr: @"screen_name"];

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
NSLog(@"%@%@",@"Access Token = ",accessToken);
NSLog(@"%@%@",@"Access Token Secret = ",accessTokenSecret);
NSLog(@"%@%@",@"user_id = ",userId);
NSLog(@"%@%@",@"screen_name  = ",screenName);

// Save this access token for future calls.
// Just in case we need user_id and screen_name, save those also..
CkoJsonObject *json = [[CkoJsonObject alloc] init];
[json AppendString: @"oauth_token" value: accessToken];
[json AppendString: @"oauth_token_secret" value: accessTokenSecret];
[json AppendString: @"user_id" value: userId];
[json AppendString: @"screen_name" value: screenName];

CkoFileAccess *fac = [[CkoFileAccess alloc] init];
[fac WriteEntireTextFile: @"qa_data/tokens/twitter.json" fileData: [json Emit] charset: @"utf-8" includePreamble: NO];

NSLog(@"%@",@"Success.");