OAuth hell

After deciding that Windows 8 wasn’t too bad after all, I’ve decided to have another dabble at writing a Windows 8 specific application (ie, “the framework formally known as Metro” app). My first serious attempt is to integrate with a social media site that required OAuth authentication.


Although I’ve never actually used OAuth 2 in any serious capacity, I’ve read many articles about it and have read source for the various stages. Performing this within WinRT has been a challenge to say the least, for starters so many libraries out there do not easily compile for Window Store compatible libraries.

One suggested approach is to use the WebAuthenticationBroker class which is supported in WinRT (see http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122 ). One problem that I’ve hit with that (and seems like I’m not the only one) is that the method AuthenticateAsync() either does not call the callback properly or (more importantly to me) it seems to have cached the request/response and doesn’t call the OAuth URLs consistently. 

I’m sure that WebAuthenticationBroker works fine a lot of the time, but it doesn’t certainly be working for me.

Next stop, DotnetOpenAuth 

The problem here is that I’m unable to get it working in the WinRT environment (again). Am hoping this will be rectified soon so I can use it in all its goodness.

Soooo, what next? Might as well just perform some basic posts (blatently stolen from some articles/demos).

Steps to perform:


1) Perform HTTP POST to get OAuth Request Token.

2) Load up separate Metro IE instance with authentication URL. This will return us a verification code. Write down for later.

3) Perform HTTP POST to convert Request Token to Access Token (using the verification code attained in step 2) 

All done..  we end up with an Access Token that we then use for every REST transaction.

Maybe having a separate library for all of this really isn’t worth it 🙂