Introducing MPOAuthConnection

If you’ve wanted to do anything with WebServices recently you’ve likely encountered OAuth, the open specification for client server data transmission. In a nutshell OAuth allows a desktop or web application a secure method by which to obtain user credentials for an online service without ever having to actually get the user’s username or password directly. It protects users credentials since they don’t need to give them out to multiple parties, and improves site security by giving users the tools with which to turn off the access of applications and services to their data.

Due to the proliferation of these services a common need exists to quickly be able to connect to to them without having to write yet more complicated code to do this when you just want to build your snazzy new application. Since I happen to enjoy using and writing APIs I took it upon myself to write one for OAuth for Mac and iPhone Cocoa applications. To this end, I’ve created the MPOAuthConnection set of classes that make it trivial to talk to these applications.

At the high level you merely need to tell MPOAuthAPI about the URL to your intended web service and give it your consumer key and secret and it will take care of the rest of the work of authenticating, retrieving access keys, and storing them on the user keychain on Mac OS X and iPhone*. There is a sparse delegate API for you to take part in the authentication sequence if necessary. Once authenticated you can perform method requests asynchronously or synchronously on the remote API using -performMethod:withTarget:action: or -dataForMethod: respectively.

The API is built in a layered way that allows you to, if so interested, jump in at lower levels for more direct control of the server communication and interact more directly with the classes doing the work, but so far I don’t believe this will very often be necessary. I’m using this code in a current project so it works well for me, and I’ve fixed the bugs I’ve encountered so far. I’m hoping you guys can find others, but of course if you don’t run into any that’s great too.

This code was built using the OAuth Core spec as a reference, along with the Yahoo! OAuth guide and the Google OAuth guide. It’s been tested by myself connecting to a few of the Yahoo! and Google OAuth services. It includes code excerpts from Jonathan Wight and Steve Reid for base64 encoding and HMAC-SHA1 hashing.

MPOAuthConnection on Google Code

Edit: Properly refer to OAuth as OAuth


  1. Posted 2008.12.12 at 09:06 | Permalink

    Hey Karl, this is great!

    One small thing — you should replace references to “Open Auth” with “OAuth”, since AOL owns the trademark to “OpenAuth” — and is why OAuth has the name is does now! ;)

  2. Posted 2008.12.12 at 13:54 | Permalink

    Thanks Chris, updated those references.

  3. Mike Fields
    Posted 2009.01.6 at 15:05 | Permalink

    I was having a bite of trouble getting the framework to run on the iphone simulator. I understood it to be supported. Is that a correct assumption?

  4. Posted 2009.01.11 at 20:52 | Permalink

    @Mike Fields, yes, that is a correct assumption. If you’re having troubles with the API please file issues on the google code page so that we can track what the issue is and implement a fix as quickly as possible.