Working oAuth and .NET

I recently had an idea for a mashup that would use foursquare.  I look at this as an opportunity to understand how I might leverage oAuth in the future as a solution for a Single SignOn solution.

To start with I knew that I would need a library to handle the oAuth communication. A Google searched turned up the oAuth Community Code site, which maintains a listing of popular libraries for various platforms. Among those for .NET are DotNetAuth and oAuth for .NET.  I decided to go with oAuth for .NET first.  It seemed like a solid library but for one minor drawback: it uses DI.  Dependency Injection is not a bad thing, but its not something that that I should need know to use a library.

So I decided to check out DotNetAuth which I came to found out is the same library used by Stack Overflow.  After a fair amount of testing I got a working example which walks through my first milestone: getting the token for authorization.  To start with, however, you will need to get a Key and Secret to provide to foursquare to prove you have authorization to use the service. You can get that information here.

So the first step is understanding how to get the token that proves the app is authorized to access the account.


This uses the DotNetAuth WebConsumer class to setup for our call into the foursquare oAuth service.  The service addressing is defined within Provider definition is shown below.


Looking at this code you can see what we are doing, basically pointing at where to get the oAuth token from the foursquare service.  The information is here for foursquare, though it is pretty self explanatory.

The call to Send on the Channel property will cause a redirect to the foursquare auth page where the user can enter their crerdentials and allow the app to access their data. One of the things that I found curious was that my token kept changing whenever I ran my test.  This makes me wonder if I will be able to store the token in a cookie and thus refrain from authorizing every time, which seems counterintuitive.

Thus after the allow the application will redirect back to the page that the request originated unless a callback Uri is defined.  The best way to understand how to use the library is to use this example from the foursquare HowTo:

At this point I am very confident in my understanding of the oAuth workflow and my next step will be developing an understanding of how I can store the token and then use it repeatedly without reauthorizing and also to actually pull data from my foursquare account.

Thanks to the DotNetAuth team, the Twitter interaction sample was also very helpful to understanding the library and how it can be used.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s