An example iPhone Twitter app with OAuth authentication

Jan 18, 2010

UPDATE: a newer version of this post/app is now available.

As a companion to my post on how OAuth works with Twitter, I thought I’d write another OAuth client for my own needs. There are several OAuth Objective-C libraries out there, and I am using some code from one of them, OAuthConsumer. But I did not like that the libraries overload existing classes like NSURL or some Twitter libraries. I like to put my app together of fairly loosely coupled pieces, and the OAuth piece should only do OAuth, and not much else. So, I wrote my own.

Get it

Get it from GitHub.

Example iPhone app

As part of the example, I also put together a very simple iPhone app that just lets you sign in to OAuth with Twitter and lets you post an update. I tried to showcase how logging in works, and how to handle things like user deauthorizing your app etc in a reasonable way.

The focus of this app is much more on the architecture than the UI; the UI is just the simplest I could put together to accomplish the purpose.

Here is the screenshot walkthrough.

Picture 5 twtr iphone.png

Picture 6 twtr iphone.png

Picture 7 twtr iphone.png

Picture 8 twtr iphone.png

Picture 8 twtr iphone plus.png

Picture 9 twtr iphone.png

Picture 10 twtr iphone.png

Picture 11 twtr iphone.png

It is not great that the user goes away from the app and to the browser. But, I could not imagine how to fit the viewable PIN, PIN entry field and keyboard into the UI in a reasonable way, so I did not even try.

It wouldn’t be so bad if the PIN could be copy-pasted in a reasonable way. But, since the PIN is seven digits, iPhone tries to be helpful and thinks that it is a phone number. By tapping on it, it lets you call the PIN, but not copy it. (It actually is possible to copy if you play around with your finger.)

I don’t know what would be a good experience. Can Twitter construct some mini-PIN display that still works for a UIWebView within an app? Or can they provide an iPhone-optimized web UI for /authorize and/or just disable the phone number recognition (not sure if you can do it by some WebKit smartness)? Sending user off to browser is surely the cleanest solution from the security perspective, as you don’t capture their credentials within the context of your app.