OAuth logo
By Chris Messina, CC BY-SA 3.0

Chances are if you’re using an API for any piece of software, you’ll probably need to use a protocol like OAuth for authentication and authorization. There’s a lot of documentation for OAuth (v1) out there, especially for Windows Phone; here’s a popular C# file that implements most of the OAuth protocol, and there’s lot of pages out there which show how to use it.

There’s not much documentation for using OAuth 2.0, but that’s because it’s really easy to use, especially compared to the original OAuth protocol. Here’s how OAuth 2.0 generally is used for APIS:

  1. Register your application with your API’s provider. You’ll usually receive a client ID and a client secret that’s specific to your application.
  2. Send a request to your API’s provider for an access token using your newly acquired client id and secret.
  3. Send the access token with any API request.
  4. Refresh the access token if necessary.

Of course this process varies by the provider, but it’s usually similar to the above. For an example, check out this explanation.

The process above is easy to understand, but what would that look like in C# for a Windows Phone/Windows Store app?

Before we dive into the code, let’s first talk about making web requests in C#. The official documentation for making a web request is not too enlightening (I don’t find it too helpful, and neither do 23 of 45 people who rated it as of 1/12/14), and it doesn’t even work on Windows Store or Windows Phone apps. In fact, it’s a bit more confusing on those platforms because the GetRequestStream and GetResponse methods are asynchronous and require callbacks. Making a simple GET request should be very simple, and the process described in the link is too long.

Enter HttpClient.

HttpClient makes it stupidly simple to make requests. For example, consider the case where you want to grab the data returned from a GET request made to a specific url, say “http://blah.net”. Here’s the code for the request (without proper exception handling):

var c = new HttpClient();
var request = new HttpRequestMessage(Method.Get, new Uri("http://blah.com"));
var response = await c.SendAsync(request);
var stringResult = response.Content.ReadAsStringAsync();

This is pretty awesome; we just made a GET request and got a response in only 4 lines!

So let’s get back to the original problem of using OAuth 2.0 in an app. After we acquire the client id and secret from the API provider, we can easily acquire the access token using POST:

string postParameters = "client_id=SOME_CLIENT_ID&client_secret=SOME_CLIENT_SECRET";
var c = new HttpClient();
var request = new HttpRequestMessage(Method.Post, new Uri("http://blah.com/api"));
request.Content = new StringContent(postParameters);
request.Content.Headers.ContentType = new ...; // May be option for your API
var response = await c.SendAsync(request);
var stringResult = response.Content.ReadAsStringAsync();

If we assume that the access token was received in stringResult, then we would save stringResult permanently for future API calls. Here’s an example of an API GET request with the access token, which generally goes in the header of the request:

var c = new HttpClient();
var request = new HttpRequestMessage(Method.Get, new Uri("http://blah.com/api"));
// The header below could be different for your API
request.Headers.Add("Authorization", accessTokenVariable);
var response = await c.SendAsync(request);
var stringResult = response.Content.ReadAsStringAsync();

And that’s it! With the HttpClient library and the simplicity of Oauth 2.0, it’s pretty easy to work with APIs in Windows Store and Windows Phone apps!

Tags: windows-phone api