Twitter OAuth in C++ for Win32

The Problem

There seems to be lackluster support for Twitter in the C++ community.  I haven’t yet seen a single Twitter client for Windows written in C++ that was… acceptable.

Accessing the Twitter API using Basic Authentication is pretty straightforward, however Basic Authentication is going to be turned off on August 16th, 2010 (last I checked), and after that will require all applications to use OAuth.

Having looked into what it would take to implement OAuth, I’m not surprised that few people have jumped at the opportunity to do so.  I had to scrounge around the net for several hours in order to piece together the necessary information and code required to implement bare bones OAuth functionality in C++, it’s fairly involved, and not at all well documented.

Existing Libraries

There are currently only two C++ Twitter libraries listed on Twitter’s library list, QTwitLib, and Twitcurl.  Neither appears to be under active development, they’re both GPL (which I’m not a big fan of), QTwitLib uses Qt (which I’m not a big fan of), and neither support OAuth anyway.

There is only one C++ OAuth library, liboauth, listed on Twitter’s OAuth library list, and it requires OpenSSL or Mozilla’s NSS.  OpenSSL requires Perl and NASM to be installed to build, and while I haven’t looked at NSS much, it doesn’t appear to be sync-and-go either.  At least liboauth is available under an MIT License, so this is something I might return to later.  It might be possible to remove HTTPS support and drop the dependencies without too much headache.

The Solution

So the perfectly rational (and conveniently most interesting) solution, is to try and write up some OAuth code from scratch… or from bits and pieces anyway.  Be warned, this isn’t going to be pretty.

Register Your App

The project should work out of the box, as I’ve included test keys registered to me that will work just fine, however if you’re going to alter the program at all, it would be better to register your own application that way I won’t get all the credit/blame, it’s quick and easy.

Log into Twitter’s website and hit their Register An Application page.  Choose a name for your app (you can change it later), and it can’t include the word “twitter”.  Select “Client” not “Browser”, choose “Read & Write” (if you want to be able to post), and you can leave “Use Twitter for login” unchecked.

Once your application is created, make a note of the Consumer Key and Consumer Secret, these can be found under the Application Detail link from the application edit page.  These values uniquely identify your program to Twitter.

Download The Code

The example project and source files are available on Google Code.

The code is C++ for Win32, with a Visual Studio 2008 project file.

Use The Code

The code I’ve provided is not great and only superficially tested, please do not actually use it for anything, although you’re free to do so at your own risk.  I wrote it mostly in a single 8 hour stretch on a Friday night (yay Dr. Pepper), all the while googling for docs and samples on OAuth, and trying to figure out how to calculate an HMAC-SH1 hash.  That being said, it does work more or less.

Take your Consumer Key and Consumer Secret you got when you registered your app, and plug them into the similarly named variables at the top of tc2.cpp:

wstring ConsumerKey = L"abc";
wstring ConsumerSecret = L"ABC";

At this point you should be able to compile and run the program.  I didn’t originally intend for it to have a user interface at all, so I recommend running it in Debug mode under a debugger, as helpful trace information is displayed in the debug output window.

  1. When you run the application, it will attempt to connect to twitter, launch the Twitter authorization page in your web browser, and then prompt you on the console to enter the PIN that will be provided to you on the Twitter website.
  2. Go to your browser (it may not come to the foreground automatically) and find the authorization page that may have opened in a new tab.  If your browser didn’t load the authorization page at all, look in the console window for “Launching http://twitter.com….” and copy and paste the entire URL into your browser.
  3. On the authorization page, Allow your application access to your Twitter account, after which you will be provided the PIN.
  4. Type the pin into the console app and hit Enter.  The app will display the authorization information, and then request your user timeline, dumping it in XML on the console.

Now that you’ve gone through this process once, the program will have saved your authorization to a file called tc2_saved.txt in the current directory (probably the project directory).  The next time you run the program, instead of re-authorizing with Twitter, it will simply re-load access token that was saved last time, and access your user time-line directly.

If you want to re-run the authorization flow, just delete tc2_saved.txt.

Anyone that has access to the contents of the saved authorization file can post as you on Twitter. This also goes for debug traces or other output that includes any access tokens and secrets.

High Level Flow

Stepping through the code will be the best way to figure it out, the app isn’t that big so it won’t take too long, but I’ll try to give a general overview of what’s going on.

OAuthWebRequest is the workhorse of the example application, every request we make to the Twitter API is through this function.

  1. We call OAuthWebRequest on http://twitter.com/oauth/request_token, providing only our Consumer Key and Consumer Secret.  The reply from request_token gives us a temporary Request Token consisting of “oauth_token” and “oauth_token_secret”.
  2. We launch a web browser to http://twitter.com/oauth/authorize?oauth_token=ABC123 and pass in the value of “oauth_token”.  The user authorizes the app and they are given a PIN number which they enter into our app.
  3. We call OAuthWebRequest on http://twitter.com/oauth/access_token providing our temporary Request Token plus the PIN number we got from the user, and we get back our permanent Access Token values, “oauth_token” and “oauth_token_secret”.  We save our Access Token to disk for future use.
  4. We can now call OAuthWebRequest whenever we want to access the Twitter API as the authorized user by using the saved Access Token.  In the example, we just request the user’s main timeline at http://twitter.com/statuses/user_timeline.xml and then dump it to the screen.

However most of the “OAuth stuff” happens in BuildSignedOAuthParameters which generates all of the additional information that makes an OAuth request what it is, and not just another HTTP call.

I’ll leave things at that for now, and may go over the code in more thorough details in a follow up post, or on the Google Code project wiki.

Update: Continue to Part 2

About these ads
This entry was posted in C++, Twitter and tagged , , , , , . Bookmark the permalink.

7 Responses to Twitter OAuth in C++ for Win32

  1. poop says:

    good stuff… haven’t the slightest clue as to what this oauth is about but i compile the code in visual studio 2005 and every works! good job. I can tell that you are going to build a win32 twitter client. i can’t wait. I will be your first user (or first alpha/beta tester :)

  2. Pingback: Twitter OAuth in C++ for Win32 – Part 2 | code:brook

  3. Pingback: Twitter OAuth in C++ for Win32 – Part 3 – Updating Twitter Status | code:brook

  4. Ian says:

    hey brook, i have been asked to build an interface to an online accounting package (xero.com) that uses both ssl and oauth. all the stuff i write is in good old c++ under visual studio 2000. your code is the closest i have found to anything at all that will compile and run under windows.. there seems to be a lot of oauth support for everything except standard c libraries under windows. if you’re not using DOTNet, your pretty stuck under windows which seems crazy. would you be interested in helping build a C compilable oauth/ssl library to run over good old winsock? there’s nothing out there.

    regards

    ian

  5. Joey says:

    Brook,
    I could use some guidance. Thanks BTW for this, you’re right in that there’s not much out there for C++ stuff. Ok, so when I compile and debug I don’t get any browser windows opening. I checked the output window and after every dll that loads there’s a message indicating: Cannot find or open the PDB file. Also, the URL for the oauthwebrequest is : OAuthWebRequest(http://twitter.com/oauth/request_token?some_other_parameter=hello&another_one=goodbye). I’m sure much has changed with Twitter since you posted this, I’m hoping you can provide some insight into the authorization issue.

    Best Regards,

    Joey

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s