If you haven’t heard, Twitter updated their API to v2 with a steady stream of new endpoints for existing and recent services. One of the hottest additions is OAuth 2.0 authorization support. My Twitter API library, LINQ to Twitter, supports Twitter API v2, adding new endpoints as they’re announced. This post explains how LINQ to Twitter supports the Twitter API’s latest endpoints for OAuth 2.0. I’ll explain what OAuth 2.0 is and its benefits. Then I’ll dive straight into how to use OAuth 2.0 in an ASP.NET MVC application. Finally, I’ll follow-up with important configuration information for making the moving parts work together.
Understanding OAuth 2.0
Let’s set the stage for why OAuth is important by looking at all the parties involved: Twitter, Your app, and a user. As you know, Twitter is a social media app that lets people tweet, reply, and do an increasingly more amount of tasks. The user is the person who engages with both Twitter and your app to (hopefully) enhance their experience on Twitter. Your app needs to act on the user’s behalf by using the Twitter API.
The thing is, how does the user know that your app isn’t going to do anything on their account that they don’t want you to do? That’s a problem you have to solve. However, Twitter and other companies need a mechanism in place that protects users by: Not giving out a password, not having the change a password in every app, and being able to disable any app at any time.
