As a companion to my post on how OAuth works with Twitter, I thought I’d write another OAuth client for my own needs. There are several OAuth Objective-C libraries out there, and I am using some code from one of them, OAuthConsumer. But I did not like that the libraries overload existing classes like NSURL or some Twitter libraries. I like to put my app together from fairly loosely coupled pieces, and the OAuth piece should only do OAuth, and not much else. So, I wrote my own.
Example iPhone app
As part of the example, I also put together a very simple iPhone app that just lets you sign in to OAuth with Twitter and lets you post an update. I tried to showcase how logging in works, and how to handle things like the user deauthorizing your app, etc., in a reasonable way.
The focus of this app is much more on the architecture than the UI; the UI is just the simplest I could put together to accomplish the purpose.
Here is the screenshot walkthrough.
It is not great that the user goes away from the app and to the browser. But, I could not imagine how to fit the viewable PIN, PIN entry field and keyboard into the UI in a reasonable way, so I did not even try.
It wouldn’t be so bad if the PIN could be copy-pasted in a reasonable way. But, since the PIN is seven digits, iPhone tries to be helpful and thinks that it is a phone number. By tapping on it, it lets you call the PIN, but not copy it. (It actually is possible to copy if you play around with your finger.)
I don’t know what would be a good experience. Can Twitter construct some mini-PIN display that still works for a UIWebView within an app? Or can they provide an iPhone-optimized web UI for /authorize and/or just disable the phone number recognition (not sure if you can do it by some WebKit smartness)? Sending the user off to the browser is surely the cleanest solution from the security perspective, as you don’t capture their credentials within the context of your app.