MPOAuth on the iPhone, MPOAuthMobile

Some people have expressed difficultly in using MPOAuth on the iPhone, so I commited a test iPhone app that merely shows how to link in MPOAuth and make use of it on the iPhone. I wrote this a while ago while testing, but have updated it now to demonstrate how to implement an MPOAuthAPIDelegate, use an inline UIWebView for user authorization, implement a custom URI handler to return control to your application and then finally make an authenticated request.


MPOAuthAPIDelegate allows an application to be a part of the OAuth authentication dance by providing a callback URL as well as choosing whether the user should automatically be taken to the authentication URL via the system’s default web browser.

Callback URIs

While custom callbacks URIs are a useful way for client side applications to return control to their application, many OAuth producers do not allow consumers to make use of them even for client applications. If you’re unable to get this to work it may be due to the fact that your OAuth producer does not allow it and doesn’t inform you of such. There’s also what I feel is a hacky solution for capturing url load requests and then returning the control to your application manually. This is a hack for the above problem so that you may use arbitrary domains like to redirect.


In order to use MPOAuthMobile, you need to first configure it to connect to an OAuth endpoint and set your consumer key and secret in RootViewController.m lines 13 and 14.

#define kConsumerKey		@"key"
#define kConsumerSecret		@"secret"

Among the supported OAuth endpoints in MPOAuth is twitter, so you can set as the baseURL used to create your instance of MPOAuthAPI on line 39-40 and it’ll automatically do everything you need.

	_oauthAPI = [[MPOAuthAPI alloc] initWithCredentials:credentials
						 andBaseURL:[NSURL URLWithString:@""]];


Once you’ve compiled the application in Xcode, it will install into the simulator or device and when it launches the OAuth dance will automatically commence by getting the unauthorized request token, and opening an inline webview for user authorization. Once you’ve provided the user credentials, the web view is animated off the display stack and the state updated again. At this stage you’re free to type in whatever method you’d like to perform on the remote endpoint. In this case I used /statuses/friends_timeline.xml to see my timeline.


The code can be found in the mpaouthconnection project on google code under the MPOAuthMobile subdirectory