/* Copyright 2011 TweetDeck Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY TWEETDECK INC. ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL TWEETDECK INC. OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of TweetDeck Inc. */ #import /* This OAuth implementation doesn't cover the whole spec (eg. it’s HMAC only). But you'll find it works with almost all the OAuth implementations you need to interact with in the wild. How ace is that?! */ @interface TWTRGCOAuth : NSObject { @private NSString *signatureSecret; NSDictionary *OAuthParameters; } /* Set the user agent to be used for all requests. */ + (void)setUserAgent:(NSString *)agent; /* Set the time offset to be used for timestamp calculations. */ + (void)setTimeStampOffset:(time_t)offset; /* Control HTTPS cookie storage for all generated requests */ + (void)setHTTPShouldHandleCookies:(BOOL)handle; /** Creates and returns a URL request that will perform an HTTP operation for the given method. All of the appropriate fields will be parameter encoded as necessary so do not encode them yourself. The contents of the parameters dictionary must be string key/value pairs. You are contracted to consume the NSURLRequest *immediately*. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path HTTPMethod:(NSString *)HTTPMethod parameters:(NSDictionary *)parameters scheme:(NSString *)scheme host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /* Creates and returns a URL request that will perform a GET HTTP operation. All of the appropriate fields will be parameter encoded as necessary so do not encode them yourself. The contents of the parameters dictionary must be string key/value pairs. You are contracted to consume the NSURLRequest *immediately*. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path GETParameters:(NSDictionary *)parameters host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /* Performs the same operation as the above method but allows a customizable URL scheme, e.g. HTTPS. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path GETParameters:(NSDictionary *)parameters scheme:(NSString *)scheme host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /* Creates and returns a URL request that will perform a DELETE HTTP operation. All of the appropriate fields will be parameter encoded as necessary so do not encode them yourself. The contents of the parameters dictionary must be string key/value pairs. You are contracted to consume the NSURLRequest *immediately*. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path DELETEParameters:(NSDictionary *)parameters host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /* Performs the same operation as the above method but allows a customizable URL scheme, e.g. HTTPS. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path DELETEParameters:(NSDictionary *)parameters scheme:(NSString *)scheme host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /* Creates and returns a URL request that will perform a POST HTTP operation. All data will be sent as form URL encoded. Restrictions on the arguments to this method are the same as the GET request methods. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path POSTParameters:(NSDictionary *)parameters host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /* Performs the same operation as the above method but allows a customizable URL scheme, e.g. HTTPS. */ + (NSURLRequest *)URLRequestForPath:(NSString *)path POSTParameters:(NSDictionary *)parameters scheme:(NSString *)scheme host:(NSString *)host consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; /** * Convenience method that takes in a `NSURLRequest` but performs the same operation as the above. * * @param request The request to sign * @param consumerKey The app consumer key * @param consumerSecret The app consumer secret * @param accessToken The oauth access token * @param tokenSecret The oauth access token secret * * @return A signed request given the oauth credentials */ + (NSURLRequest *)URLRequestFromRequest:(NSURLRequest *)request consumerKey:(NSString *)consumerKey consumerSecret:(NSString *)consumerSecret accessToken:(NSString *)accessToken tokenSecret:(NSString *)tokenSecret; @end /* XAuth example (because you may otherwise be scratching your head): NSURLRequest *xauth = [GCOAuth URLRequestForPath:@"/oauth/access_token" POSTParameters:[NSDictionary dictionaryWithObjectsAndKeys: username, @"x_auth_username", password, @"x_auth_password", @"client_auth", @"x_auth_mode", nil] host:@"api.twitter.com" consumerKey:CONSUMER_KEY consumerSecret:CONSUMER_SECRET accessToken:nil tokenSecret:nil]; OAuth Echo example (we have found that some consumers require HTTPS for the echo, so to be safe we always do it): NSURLRequest *echo = [GCOAuth URLRequestForPath:@"/1/account/verify_credentials.json" GETParameters:nil scheme:@"https" host:@"api.twitter.com" consumerKey:CONSUMER_KEY consumerSecret:CONSUMER_SECRET accessToken:accessToken tokenSecret:tokenSecret]; NSMutableURLRequest *rq = [NSMutableURLRequest new]; [rq setValue:[[echo URL] absoluteString] forHTTPHeaderField:@"X-Auth-Service-Provider"]; [rq setValue:[echo valueForHTTPHeaderField:@"Authorization"] forHTTPHeaderField:@"X-Verify-Credentials-Authorization"]; // Now consume rq with an NSURLConnection [rq release]; Suggested usage would be to make some categories for this class that automatically adds both secrets, both tokens and host information. This makes usage less cumbersome. Eg: [TwitterOAuth GET:@"/1/statuses/home_timeline.json"]; [TwitterOAuth GET:@"/1/statuses/home_timeline.json" queryParameters:dictionary]; At TweetDeck we have TDAccount classes that represent separate user logins for different services when instantiated. */