04
Sep
iOS Twitter integration stopgap
I think it's fair to state that most-if not all-iOS developers are excited about iOS 5.0's OS level integration with Twitter. While we wait for iOS 5.0 to arrive and for users to upgrade, integrating Twitter into an iOS app can be done in one of two ways.
One: the purist way
The purist way is to use Twitter's strict OAuth 1.0 support to enable the user to login to twitter using a webkit webview from within your app. Doing this usually requires using a half-baked open-source library (if you can call it that) to manage the webView and strip the Twitter user pin out of the web page and send to twitter in exchange for an oauth token and oauth secret. Going this route requires steadfast dedication to the spirit of OAuth and will likely waste a lot of time.
Two: the XAuth way
Twitter acknowledges the fact that the purist way is ugly and complicated and so they provide an alternate route. The alternate way is to allow app developers to request permission from them to accept the user's Twitter credentials directly and send them to Twitter for authentication.
Once authenticated all requests to Twitter require the same OAuth signed Authorization header as the purist way.
While we wait for this whole mess to go away, my recommendation is to put the onus on Twitter to worry about the security of XAuth vs pure OAuth and apply for XAuth access here:
Users who are aware enough about the security of OAuth vs XAuth can trust that Twitter's moderators are making responsible decisions about enabling on not enabling XAuth access for Twitter apps. My opinion is that if we can trust Twitter's security enough to use the platform we can trust their moderators to open XAuth to select app developers.
Once you've obtained XAuth access from Twitter, you can use this iOS library to authenticate with Twitter and tweet on the user's behalf. This library will also allow you to retrieve the user's OAuth Token and OAuth Secret for Single Sign On purposes.
