Twilver authentication model
I had some questions in the comments about how I built Twilver, so here’s a quick overview of how the app works. Of course this is still “prototype” territory so it could change entirely in the future, especially if you have better ideas!
Anyway, the current build works like this:
First, you browse to Twilver.Cloudapp.net, which is an Azure ASP.NET page hosting the Twilver Silverlight 3.0 control. The control checks to see if it has a cached access token, and since it’s your first visit, it does not. It then redirects the hosting web page to Twitter and makes a call via the OAuth API. Then you log into Twitter directly so only they see your credentials, and they give back an authorized token to my ASP.NET service on Azure, via the OAuth callback registration.
After that, my service exchanges the auth token for an Access Token and Access Secret, which are provided by Twitter and don’t expire unless the user goes to Twitter and revokes my app’s authorization.
The web page passes the Access Token and Secret to the Silverlight control, which stores them in local isolated storage. Then when the Silverlight control wants to make a request to Twitter, it calls into my proxy WCF service running on the Azure server. This is necessary (I think), because Twitter doesn’t register their API for cross-domain access by Silverlight and Flash. So Silverlight prevents me from making a direct cross-domain call. My proxy service is a very, very simple WCF wrapper around the Twitter API. Building this in Visual Studio was dead simple.
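How a proxy like this could sign a forwarded request, as an added example that is not Twilver's code. It assumes the flow above is OAuth 1.0a with HMAC-SHA1 and that the consumer secret is held only by the Azure service; the class name, endpoint URL and every key or secret value are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for the proxy service; not Twilver's code.
static class OAuth1Signer
{
    // OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters pass through.
    static string Enc(string s)
    {
        const string ok = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
            sb.Append(ok.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // Base string: METHOD & encoded URL & encoded parameter string (pairs sorted by key).
    public static string BaseString(string method, string url, IDictionary<string, string> prms)
    {
        var pairs = prms.Select(p => new { K = Enc(p.Key), V = Enc(p.Value) })
                        .OrderBy(p => p.K, StringComparer.Ordinal)
                        .Select(p => p.K + "=" + p.V);
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }

    // HMAC-SHA1 keyed with "consumerSecret&tokenSecret"; both secrets are needed to sign.
    public static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        byte[] key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    static void Main()
    {
        // Constructed sample values; none are real credentials or a real endpoint.
        var prms = new Dictionary<string, string> {
            { "oauth_consumer_key", "demo-consumer-key" }, { "oauth_token", "demo-access-token" },
            { "oauth_signature_method", "HMAC-SHA1" }, { "oauth_version", "1.0" },
            { "oauth_timestamp", "1250000000" }, { "oauth_nonce", "constructed-nonce-1" },
            { "status", "Hello from Twilver!" } };
        string bs = BaseString("post", "https://api.example.test/statuses/update.json", prms);
        Console.WriteLine(bs);
        Console.WriteLine(Sign(bs, "demo-consumer-secret", "demo-access-secret"));
    }
}
```

Because the signing key combines both secrets, an access token and secret read out of isolated storage cannot sign a request without the consumer secret, provided that secret is never shipped inside the Silverlight control.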
In the future I could change it so that the access token and secret aren’t stored in the Silverlight local storage, but instead are stored by my service in the Azure storage service. For now, having the control do the caching seemed simplest, as it means my service is stateless and doesn’t track anything at all about users. I may want to change that anyway in the future, though, so that I could offer features like roaming settings and such.
So that’s what I put together this weekend. Any feedback or suggestions would be more than appreciated!