A Simple Guide to using OAuth with C#

If you are a newbie to OAuth you might understand how confusing it can be at first! I started off looking at building a small application that consumed an OAuth service as a side project. I kinda just dived right in without understanding how OAuth worked and got myself very confused. I have found that there are loads of examples out there explaining in Ruby, Java and Python - but not that many in C#.

OAuth Logo

Eventually I found something on Stackoverflow that explained everything to me. The answer was well detailed and even included a code sample This kinda got the ball rolling and I managed to get a working example running. In this article I'll explain a little bit more about OAuth and how simple it really is once you get started.

Firstly, let me start by explaining what OAuth is and why you should use it. OAuth is a simple way to publish and interact with protected data. It is a safer way to give people access to this data when they are calling an API, as each request to the API is signed with encrypted details that only last for a defined duration (e.g. 2 Hours). There are quite a few services out there that use the OAuth standard and some of the big ones are Twitter, Twitpic, Digg and Flickr. There is a good article on the OAuth site that explains more.

I'm not going to go too deep into the whole OAuth process, but I always find that a code sample helps explain things better. Let's take a look at a summarized version of how the process works.

  1. Register your app with the service that you are developing it for. e.g. Twitter, Twitpic, SoundCloud etc. You will receive a consumer key and secret.
  2. You, the developer of the app then initiates the OAuth process by passing the consumer key and the consumer secret
  3. The service will return a Request Token to you.
  4. The user then needs to grant approval for the app to run requests.
  5. Once the user has granted permission you need to exchange the request token for an access token.
  6. Now that you have received an access token, you use this to sign all http requests with your credentials and access token.

I decided to experiment with the Soundcloud API as I regularly check out new music on the site. There is a great wrapper that has already been built for C# OAuth - I used it to connect to the API. Please download it here.

To begin the process you need to pass the Consumer Key and Consumer Secret to the service to acquire a Request Token. You will get given this when you register your application with the site.

Acquire Request Token

Now that we have the request token, we need to prompt the user to grant us permission. If you are using a desktop application like I am in this example, use System.Diagnostics.Process to open a new browser window with the URL.

Access Token

This should open up a window like the following:

OAuth Window

Once the user has logged in they will be given a key that they need to paste back into your application.

OAuth Connected Screen

Now, as many users out there might not really be savvy enough to actually do this - the answer on Stackoverflow has a good example of how to bypass this. The article explains an idea that involves some HTML screen scraping to grab the pin. You could use this to copy the pin and use it in your application. This way the user only really needs to authenticate and your app will do the rest. In this example I am just copying the pin and pasting into the Quick Watch window in Visual Studio.

Then we need to exchange the Request Token for an Access Token.

Access Token

The Access token is used to sign the HTTP request in the Header.

Register App

Now that we have the header, we can start requesting information. Pass the information to a GET HTTP request with the Content Type set to "x-www-form-urlencoded" and the Header set as our Authorization Header that we just created. I've bundled this into a separate method as we are going to be using this repeatedly if we need to make other calls to the service.

Http Get

That's it! We are now calling a secure service to get the data.

Here are some further links explaining more about OAuth:




And more on the SoundCloud API:



Fredrik - 2/10/2011
Thanks for sharing!! I've spent 6 hours or so trying to find docs about this, until I found your post! Have a GREAT day!!!

Dean - 2/10/2011
@Fredrik Pleasure - hope it helped!!

manny - 2/15/2011
Great article. Saved me quite a bit of time. Any pointers as to how one could go about securing web services using oauth? Have a bunch of wcf rest services that I would like other apps to consume and so far information has been pretty scarce on how to do that. Again, great article!

Dean - 2/15/2011
@manny Good question, I haven't looked at creating one myself, but I found this good question on stackoverflow. It might help a little - http://stackoverflow.com/questions/4686451/how-do-i-set-oauth-authentication-for-a-wcf-rest-c-site

Dadi - 3/30/2011
Thank you, thank you, thank you! You save me! Great post! ;)

S - 1/25/2012
Thanks, great introductory post. Just what I needed. All that information overload all over the web was overwhelming.

Garry Taylor - 4/25/2012
CropperPlugins.OAuth not url decoding the oauth_token_secret before storing. As the salt is based on this value the signature will be invalid. Fix: this["token_secret"] = UrlDecode(r["oauth_token_secret"]);

Svinja - 10/27/2012
Thank you, helped me a lot. Implemented it successfully to work with XING API with a little tweak.

Jan Kratochvil - 1/23/2013
Great article, it definitely helped to make OAuth much clearer to me.

Bri - 9/10/2013
Thanks man, this really helped me understand.

Dennis - 6/11/2014
i get always on this part: using (var response = (HttpWebResponse)request.GetResponse()) a 400 Exception. Can u help me please. I use the xing API. Thanks

Daniel - 11/26/2014
Men, you're a life saver, you don't know how much I love you right now.

Jeff - 3/4/2015
thank you!

Mike - 3/9/2015
Thanks man, good tutorial. Oauth2 ain't that puzzling once you just get the basics down.

Adnan - 5/9/2015
Can you give me link of oAuth Library are you using? Also, I need to use it to make a desktop Etsy app. Can your thing work?

Rushil - 7/22/2015
Hi, I am totally new to OAuth and just looking for one sample example using C# or plain HTML, so that i can refer that and start building my own. Any help in finding would be much apperciated. Thanks.

Bhavya - 7/24/2015
Saved me a lot of time.... thanks for the article.

Marc - 7/26/2015
Really well written, as clear as it can be :) Thanks for sharing!!

jefff - 8/5/2015
You broke it down in a simple and pure way, such that I have never seen! We soooooo need more like this one.

Don - 9/4/2015
Thanks for the clear explanation and your time to publish this. A real time saver.

lasi7 - 10/27/2015
Great article! Thanks.

Alvin - 1/18/2016
Hi How can I put my post parameters on the last part? Where I'm already getting some data.

Ankit Mahendru - 3/14/2016
Excellent article. Thank you!

Alexander Gonzalez - 5/2/2016
This is totally AWESOME! Thank you very much! You made my day :)

sakthivel - 7/20/2016
Thank you so much! How can Tweet a image with url?

Rajesh Patil - 10/31/2016
Perfect short and simple to clear the OAuth confusions... Bunch of thanks...

nnnn - 4/3/2017

Sebastian - 4/26/2017
Sorry, I did not find any library including OAuth... might be an idea to post it in this article

Eugen - 5/12/2017
Could some one please help me with a working example for Xing ? Thank you in advance.

Saeedeh - 8/13/2017
Thank you for the article it's wonderful! For those who got confused like me, you should first add classes like Manager and Tracing from this link to your project: https://cropperplugins.codeplex.com/SourceControl/changeset/view/65377#Cropper.Plugins/TwitPic/OAuth.cs

Add your comment

300 Characters left

Please fill this in to confirm that you are human