I'd like to write a console program in C# that posts a Tweet to Twitter. I've never used the Twitter APIs before and don't know anything about how their authentication works. I found an API library called Twitterizer, but it seems geared towards web applications and wants the user to logon with a web browser. All the API docs on Twitter's website seems geared around this scenario as well.
Is it possible to access the Twitter APIs using a console app with no web browser access? I'm perfectly fine hard coding in the name and password for the Twitter user I want to post under as well. Thanks!
Mike
You'll need to use OAuth for authenticating in twitter.
Then use regular HTTP Request to use the twitter JSON-based API.
Here you can find a good article about OAuth, Twitter and console applications.
Also take a loot at linq2twitter lib. From it's documentation;
The Twitter API is built using
Representable State Transfer (REST).
Wikipaedia defines REST as "...a style
of software architecture for
distributed hypermedia systems...",
but I'm going to be so bold as to try
to simplify what that means. In
practice, REST is a Web service
protocol built upon Hypertext Transfer
Protocol (HTTP). You use the REST Web
service by making an HTTP call with a
URL and getting text back in some
form, which is often XML or JSON. So,
if you were to write code that made an
HTTP request with the following URL:
http://api.twitter.com/1/statuses/public_timeline.xml
You would get back an XML document
with all of the Twitter statuses from
the public timeline, which is a
snapshot in time of the last 20 tweets
at the time of your request. Go ahead
and open your browser, copy and paste
the URL above into the address bar,
and see what you get back.
I couldn't find any decent information on the web on how to do this, so I decided to write my own blog post with all the details.. Enjoy!
http://blog.kitchenpc.com/2011/01/22/rise-of-the-twitterbot/
of course you can use anything to connect to Twitter via RESTful api.
you should use oauth, and set up your application in http://dev.twitter.com, then you should read all articles listed in documents, you must specify your app as Client but not Browser so user input a number to get through authentication.
you can use many libraries so that you can save your time, all are listed in the documents
and be CAREFUL, you should not use Twitter's own api console which is buggy (as i know parameters somtimes can't be parsed), you should use APIgee instead which is powerful and stable.
if you want use basic authentication, you should use api proxy (one famous is twip), if you just need only one single C# apps, you must code by yourself:
you should use given username and password to login twitter, parse cookies passed
use normal oauth to get temporaly access token url.
use cookies got from step 1, emulates form submit to allow your apps, capture PIN code
use pin code to finish oauth.
MOST IMPORTANT, you must store access token in client's machine so next time you can bypass above steps
Just wrote a Twitter Bot in C#. This is currently posting tweets to #valuetraderteam.
https://gist.github.com/sdesalas/c82b92200816ecc83af1
The API component in the GIST below is less than 500 lines, only dependency is Json.NET, you'll need to download the latest DLL for either x64 or x86 (depending on what platform you are targetting) and include as a reference in your project.
There is an example at the bottom of the page of how you can make a tweet from a console application
Hopefully this is useful to some other people out there.
Related
I am trying to work with the asana API in my C# Windows Application and have several questions I'd like to ask.
When you register your application with asana, it wants to know APP NAME, APP URL, REDIRECT URL. If it's a windows application, what values might I supply for the second two prompts?
When that is entered, you get a client id and a client secret. Is this completely different than the apikey? Is the former for OAuth and the latter for asana, or does asana work in conjunction with OAuth?
Basically I want to take a request like this: https://app.asana.com/api/1.0/tasks//stories?opt_pretty and get back in my application the same json I see when I issue the request in my browser.
You can provide localhost
You should definitely have a look at https://asana.com/developers
Your answer is there https://community.asana.com/t/can-a-windows-application-be-registered/23381 !
Good luck ;)
I have a C# Azure Web API backend where data is retrieved from a front-end Ionic Mobile App (which is basically an Angular App)
The authorization of users is done via Ionic's cloud service, so they handle the heavy lifting of registering users via FB, Twitter, basic (username/password).
My question is, when I go to call services from my backend API, how can I make sure someone just doesn't read a hardcoded username/password inside of the internal javascript code to access the backend data?
I know it's pretty far fetched, but is there anyway for the API to know the request is actually coming from the app (Android and iOS) and not just from someone trying to insert data and comments from a web browser that is unauthorized?
Since you're calling the API from JavaScript that is available for end users, you can assume that your JavaScript and all the logic/credentials contained within are accessible to all.
There are fairly secure ways around this, and FB/Twitter and their ilk have implemented it (using OAuth). Essentially, on passing credentials to the API, a token is generated, which is then used for subsequent calls to the API instead of the credentials.
You can avoid people randomly firing off 'unauthorized' requests using nonces which are generated when you render the form, and can be used only once to submit the form in question. You can then time-limit the validity of the nonce on the API end. Unfortunately, it's not foolproof, but this will limit the damage of any sort of 'brute-force' attack that you might get.
Again, with any shared 'secret' (that would guarantee the origin of requests), you have to assume that anyone with enough willpower will be able to extract it from apps, thus any method you implement here will be 100% foolproof. Probably the best you can do is have a shared secret generated for each user on each device.
Short answer: you can't.
Long answer: you can (and must) validate the behaviour of a client but not the client itself.
For example we can take a look on Pokemon Go: after a few hours there were bots able to play, after a couple of weeks Niantic started assuming Machine Learning software engineer and encrypt its API using unknown6 algorithm for stopping the bots, but after a few days of hard working the bots came again online.
You can use all the secure method of this universe (whit an high expense) but if someone (that have good knowledge of software engineering) want emulate your client at the end I will reach his objective
I am attempting to connect to Yammer using their .NET SDK but I am having a hell of a time managing this... The point of this exercise is to create an application in Azure which periodically - and AUTONOMOUSLY - contacts Yammer and fetches the latest messages from a specific Yammer group.
Does anyone know of the correct way to use the Yammer .NET SDK from, let's say, a console application, which does not rely on a browser (a.k.a. direct user interaction) to successfully connect via OAuth authentication?
What I have tried:
Trying to suss out what to do from the example given on .NET SDK page on developer.yammer.com, you can see under "Standard Process" an example which shows the LaunchSignIn() function with an incorrect signature! The example shows the usage as:
var authResponse = await OAuthUtils.LaunchSignIn(_clientConfig.ClientId, _clientConfig.RedirectUri, ssoEnabled);
whereas the actually signature I get from the dll is:
void OAuthUtils.LaunchSignIn(string clientId, string RedirectUri)
I'll forgive the missing ssoEnabled parameter... but the example claims the function receives a response, from which a Code is then extracted. This is, of course, the piece missing from my attempt to call:
(awaitable) Task<AuthEnvelope> AuthClient.AuthenticateAppAsync(string code)
I have scoured Google for information on the use of the Yammer .NET SDK but have come up empty handed. All manner of examples of connecting to Yammer but none are in any way relevant to the .NET API. The only thing in any way relevant that I have seen is the Yammer .NET API example uploaded, apparently, by the person who developed it, who posted the code on GitHub. I have checked this example but the two parts in it - one for Windows Phone and one for Windows "Modern App" - both rely on a Browser object being available, or something to that effect anyway. There are redirects, I'm supposed to have a RedirectUri for Yammer to direct me... So does this other example - which was the ONLY other example of using the .NET SDK that I could find.
I imagine that the reason the signature is different is because this isn't actually the same function at all. The one I am trying to use is in Yammer.Oss.Api.Utils whereas the example application doesn't even have the letters Utils together other than in the name of the class OAuthUtils... which leads me to believe that it is possibly under Yammer.Oss.Core.WinRT which, as luck would have it, I cannot reference at all... Yammer.Oss.Core only contains Collections, Constants, Extensions and Serialization.
By the way, in the announcement of the .NET SDK (see first link above), the link to documentation for the SDK leads to the Yammer Support page.
Skip the .NET SDK and just do the authorization yourself using the server-side flow. Then make the requests with HttpClient and add the Authorization header. The SDK might be helpful with some Modern Apps but it's overkill for most people. When working with the API manually the worst thing you'll have to deal with is deserializing the JSON responses with JSON.NET, or other JSON library.
You don't say what you are trying to build, but AFAIK WebJobs don't have a UI so you'll need to do the authorization from a console app or website. Then store the resulting OAuth token somewhere that the WebJob can access it. If you have need an OAuth token per user you'll need to store those in a database, but make efforts to protect them because each OAuth token provides access to their Yammer account.
I have an application running on a server that periodically extracts data from Google Analytics. It doesn't issue many queries so I don't think any limit would be a problem.
I have a prototype running, however I had to provide a login a password for the authentication (in code).
I see that I can generate API keys and other kind of authentication bits and pieces in the Google APIs Console, however I am not sure how to use them and whether they can be used in place of the login/password.
It just doesn't seem right to use a user login/password to authenticate a server application.
Is there another way?
(I am using the C# client library)
You should be using OAuth 2.0. See:
http://code.google.com/p/google-gdata/source/browse/trunk/clients/cs/samples/oauth2_sample/oauth2demo.cs
for a sample OAuth workflow.
The best way to do this is with Google Service Accounts
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
However, I don't know off the top of my head the best library for c#, but there does appear to be support for it in the Google library. http://code.google.com/p/google-api-dotnet-client/wiki/OAuth2#Service_Accounts
Here's a answer specifically about the PHP client.
Service Applications and Google Analytics API V3: Server-to-server OAuth2 authentication?
I'm currently attempting to use the OAuth 2.0 User-Agent Flow with a clientside C# application, and I'm running into some confusion relating to the redirect URI.
Because I'm working with a clientside application, I cannot supply a standard redirect URL to a web server. However, according to the people I'm trying to authenticate with (Salesforce, in this instance), the User-Agent Flow is the correct one to use for a clientside application.
My question is, what can I do to catch the access token in this situation? Apparently I can create a "local resource accessible to the client," but I'm unfamiliar with the mechanics behind this, and I can't find any resources on the topic (partly because I don't know what to look for).
Any pointers as to where I should start looking would be greatly appreciated.
Edit: Some more digging has revealed the following stackoverflow question:
How do I develop against OAuth locally?
I'm doing some more investigating with what they suggested, but any other suggestions would be great as well.
Edit: Some more searching revealed this article:
http://sarangasl.blogspot.com/2010/09/create-simple-web-service-in-visual.html
Still feels like I'm poking around in the dark without an understanding of the larger picture, but I believe I need to set up a local web service using localhost and point my redirect URI there. I'll then use my web service to unwrap the response from the OAuth server and have my application respond appropriately. More updates to come.
Ooookay. So from what I've been able to gather, I need to set up a local web service to supply as the callback for OAuth. I need to listen on said web service myself and catch the callback to pass it to my app. However, the default ASP.NET web service provided by VS2010 does not support URL parameters, just API calls, so I apparently need to use the WCF Rest starter kit instead.
I am completely foreign to all of this, so any tips would be a godsend at this point. In general, I'm thinking I set up a local WCF Rest service, supply that local URI to OAuth as the callback, and then catch the callback URL using the Rest service. Then I parse the URL and extract the access token. At this point, does my app request the access token, or can my web service "give" the token to my app? I.e., where should the locus of control be?
Figured out a clever way to work around this. Instead of setting up a service to listen for OAuth's redirect URL, I embedded a WebBrowser control inside my Windows form.
I pointed this embedded WebBrowser to the authentication URL and let the user log in and authenticate with Salesforce and grant permissions to my app. Then, I let Salesforce redirect my embedded browser to a dummy redirect URL that I supply. This redirect never actually goes anywhere, it just shows up as a 404.
However, by monitoring WebBrowser.Url, I can pick up the entire URL that my embedded WebBrowser control is directed to, including the access token that is appended by Salesforce. Basically, after the user authenticates and grants permissions, the embedded browser is redirected to "http://www.dummyurl.com." Salesforce appends the access token, so WebBrowser.Url ends up looking something like this:
http://www.dummyurl.com#access_token=ABCDEF&instance_url=ABCDEF
From here, I can just parse the URL and go on my way. No third-party web server or local web service required. :)
The call the Authorization type you need Authonomous Client http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com#Obtaining_a_Token_in_an_Autonomous_Client_.28Username-Password_Flow.29. Read about the URL you have to send there.
grant_type=password&client_id=<your_client_id>&client_secret=<your_client_secret>&username=<your_username>&password=<your_password>
You can use DotNetOpenAuth library. There's an example using WPF, where it uses a winforms control called ClientAuthorizationView provided by DotNetOpenAuth library.
It is a control that hosts a browser allowing the user to authorize the client without leaving the application.
Hope this help.
Regards