Titanium implementation of Twitter OAuth

My name is David Riccitelli, COO of Interact SpA, an Italian company actively involved with Internet and Communication projects since 1995, focusing on Web projects, TV/media and mobile development. My connection with twitter is quite dated, since 2006 (I proudly am the first user of Twitter in Italy - http://bit.ly/bxYtJO) when I was used to call some developers over the phone testing out the SMS service in Europe.

Recently I’ve developed an OAuth adapter in JS to allow Titanium mobile projects to exploit the new OAuth protocol, as you can see here: ziodave.tumblr.com/post/746090977. The development has been part of a major project for Enel SpA, one of the largest public utilities company in Europe. 

Twitter is soon going to disable Basic Authentication for its APIs in favor of OAuth, current date is set to 16th of August. Although xAuth is available too, its use is discouraged by Twitter.

The OAuth authentication and signing protocol is better described at hueniverse.com although the following links I believe give a better idea of what we’re talking about: 

My favorite tool for Mobile Application development is Appcelerator Titanium: it provides an abstraction layer from the underlying code and even some more development APIs make most of the work pain-free. Unfortunately though there is no OAuth support out-of-the-box and some work needs to be done in order to have it running in a mobile application.

To enable my applications to go OAuth I needed to integrate some JavaScript libraries thanks to John Kristian at oauth.net/code/oauth.js and sha1.js (the latter by Paul Johnston et al.), you will need to download them to a lib subfolder in the Resources folder of your app to have this tutorial work.

Then you need to download my piece of code and save it in the Resources folder.

Now that all the required files are set, you have to get the following from your service (Twitter in our case), by registering your application at the following address: dev.twitter.com/apps/new.

After registering ensure that you have all of the following information:

  • Consumer secret
  • Consumer key
  • Request Token URL
  • Authorize URL
  • Access Token URL
  • a Signature Method (Twitter only supports HMAC-SHA1, which is good for us)

This is sample screen from Twitter (consumer key and secret cleared out): 


Once you have the above, you’re ready to implement the OAuth Adapter on your mobile application and you can do so with a very few lines of code: create a new Ti.UI.Window and then .open() it. The following code must follow the Window (pastie.org/1021915). Be sure to set you customer secret and key:

When running the code you will see the Twitter Web UI asking to authorize your app to read/write on the Twitter profile:

After the user authorizes the application the Tweet will be sent:

  1. ziodave posted this