Ruminations of an addled mind

Random ramblings about my thoughts

Using OAUTH for Delphi

Posted by chuckbeasley on April 29, 2009

Before attempting to use OAUTH, you must obtain a developer key and secret from the service provider.  In the sample code provided in this article, I have removed my developer key and secret.  No other code modifications have been made.

Step 1 – Request request token (step A in diagram)

procedure TForm1.RqsBtnClick(Sender: TObject);
var
URL: string;
endpos: integer;
begin
Key := ‘http://www.myspace.com/developerkey';
Secret := ‘developersecret';
URL := ‘http://api.myspace.com/request_token';
// Create all objects
Consumer := TOAuthConsumer.Create(Key, Secret);
HMAC := TOAuthSignatureMethod_HMAC_SHA1.Create;

ARequest := TOAuthRequest.Create(URL);

ARequest := ARequest.FromConsumerAndToken(Consumer, nil, URL);
ARequest.Sign_Request(HMAC, Consumer, nil);
HTTPStream := TStringStream.Create(”);
URL := URL + ‘?’ + ARequest.GetString;
Response := idHTTP1.Get(URL);

endpos := AnsiPos(‘&oauth_token_secret=’, Response);
oauth_token := ”;
oauth_token := Copy(Response, 13, endpos-13);
Response := Copy(Response, endpos, Length(Response));

oauth_token_secret := Copy(Response, 21, Length(Response));
Token := TOAuthToken.Create(oauth_token, oauth_token_secret);
end;

The service provider responds by sending a token and token secret, which is parsed from the Response variable.

Step 2 – Authorize (Step C in diagram)

procedure TForm1.AuthBtnClick(Sender: TObject);
var
Callback_URL, URL :string;
begin
URL := ‘http://api.myspace.com/authorize';
Callback_URL := ‘http://www.chuckbeasley.com';
URL := URL + ‘?’ + ‘oauth_token=’ + oauth_token + ‘&’ + ‘oauth_token_secret=’ + oauth_token_secret +
‘&oauth_callback=’ + TOAuthUtil.urlEncodeRFC3986(Callback_URL);
EmbeddedWB1.Navigate(URL);
end;

The token, token secret, and call back URL are appended to the URL.  The service provider obtains user authorization and directs the consumer to the call back URL.

Step 3 – Request access token (Step E in diagram)

procedure TForm1.AccBtnClick(Sender: TObject);
var
endpos: integer;
URL: string;
begin
URL := ‘http://api.myspace.com/access_token';
Consumer := nil;
Consumer := TOAuthConsumer.Create(Key, Secret, ‘http://www.chuckbeasley.com’);
ARequest.HTTPURL := URL;
ARequest := ARequest.FromConsumerAndToken(Consumer, Token, URL);
ARequest.Sign_Request(HMAC, Consumer, Token);
URL := URL + ‘?’ + ARequest.GetString;
Response := idHTTP1.Get(URL);
endpos := AnsiPos(‘&oauth_token_secret=’, Response);
oauth_token := ”;
oauth_token := Copy(Response, 13, endpos-13);
Response := Copy(Response, endpos, Length(Response));

oauth_token_secret := Copy(Response, 21, Length(Response));
Token := TOAuthToken.Create(oauth_token, oauth_token_secret);
end;

The service provider responds by sending an access token and token secret, which is parsed from the Response variable.

Step 4 – Access protected resources (Step G on diagram)

procedure TForm1.AccRscClick(Sender: TObject);

procedure process(o: ISuperObject);
var
f: TSuperObjectIter;
i: Integer;
begin
case ObjectGetType(o) of
stObject:
begin
Memo1.Lines.Add(‘{‘);
if ObjectFindFirst(o, f) then
repeat
keypair := f.key;
process(f.val)
until not ObjectFindNext(f);
ObjectFindClose(f);
Memo1.Lines.Add(‘}’);
end;
stArray:
begin
Memo1.Lines.Add(‘[‘);
for i := 0 to o.AsArray.Length – 1 do
process(o.AsArray.O[i]);
Memo1.Lines.Add(‘]’);
end;
stString:
begin
keypair := keypair + ‘:’ +(UTF8Decode(o.AsString));
Memo1.Lines.Add(keypair);
end;
stNull:
Memo1.Lines.add(‘nil’);
else
Memo1.Lines.add(o.AsString);
end;
end;
var
json: ISuperObject;
StringList: TStringList;
URL: string;
begin
URL := ‘http://api.myspace.com/v2/people/40250975/@friends?count=10000&format=json';
Consumer := nil;
Consumer := TOAuthConsumer.Create(Key, Secret, ‘http://www.chuckbeasley.com’);
ARequest.HTTPURL := URL;
ARequest := ARequest.FromConsumerAndToken(Consumer, Token, URL);
ARequest.Sign_Request(HMAC, Consumer, Token);
URL := URL + ‘&’ + ARequest.GetString;
Response := idHTTP1.Get(URL);

StringList := TStringList.Create;
StringList.Add(Response);

json := TSuperObject.Create(stObject);
json.Merge(Response);
json := json.O['entry'];
Memo1.Lines.Clear;
process(json);
end;

This step assumes that the profile owner has authorized the application to access its protected data.  That can be performed by adding the application to the profile.

OAUTH for Delphi is available via SVN:   http://oauthdelphi.svn.sourceforge.net/.

About these ads

2 Responses to “Using OAUTH for Delphi”

  1. Ali said

    Hey,
    Do you have a working example of using oAuth with the new PIN-system?

  2. [...] [...]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: