How do I implement OAuth 1.0 in a Windows Phone 7 app without asking the user for their password?

Question

I am building a WP7 Twitter client. The normal OAuth 1.0 flow involves obtaining a request token by navigating a web browser to https://api.twitter.com/1/oauth/authenticate with my app's consumer key; this page will show a login prompt and ask the user to authorize my app to perform actions on their behalf. Upon completion, this page will redirect to a callback URL supplied by my app, with the request token supplied as a parameter.

For web apps this makes sense. I don't understand how this is supposed to work for a standalone mobile/desktop app, though. The Twitter API documentation seems to imply that this should be a feasible option. They do offer an alternative xAuth mechanism that allows an app to gather username/password itself and then supply that directly to obtain an access token. The API documentation points out that this is an inferior option (as it requires the user to trust the app, not just Twitter, with their password), but I don't see how I have any reasonable alternative?

(there is also a PIN-based option, but that's a pretty burdensome solution for the user)

I just want to make sure I'm not missing anything obvious.

Kevin Gosse · Accepted Answer

"For web apps this makes sense. I don't understand how this is supposed to work for a standalone mobile/desktop app, though."

Just embed a web browser control in your app, and navigate to the twitter authentication page. Then detect the redirection to the callback url (using the Navigating event) and retrieve the parameter. Many twitter apps do that, it's basically the same as asking the user for the login and password, except that instead of your own controls you're displaying twitter's page.

How do I implement OAuth 1.0 in a Windows Phone 7 app without asking the user for their password?

Answers (2)

Related Questions