I'm writing a web app that uses Linq to Twitter to help a user manage a Twitter account. I understand that I need to hide my consumer key and consumer secret on the server side to prevent them from being exposed.
In order to do this, I know that I could use the MvcAuthorizer and use Linq To Twitter up on the server side of my MVC Application. But what if I wanted to separate the Linq To Twitter code from the web app and expose it as a web service hosted separately from my MVC app?
So the data flow would look like this...
Web Browser Client <--> My Web Service (ServiceStack) <--> Linq to Twitter <--> Twitter REST API
From reading the documentation on both the Linq to Twitter and dev.twitter.com sites, my understanding is that my process flow should look something like this...
1. User clicks some button in the web app that starts the authorization process
2. User is redirected to Twitter, and authorizes the app for use.
3. User is redirected back to the callback URL that I specify. My app now has access to the user's OAuth tokens via the query string in that callback URL
4. My app stores those OAuth tokens somewhere
5. My proxy web service uses those OAuth tokens to query the Twitter API on behalf of the user.
I think I can do steps 1-4 using the instructions here about the MvcAuthorizer.
I'm not sure how to accomplish 5. My thought was to have a UserTweetsRequest message that I sent to my service. The message would specify the Twitter username. Inside the service, I'd look up the stored OAuth tokens for that user, combine them with my consumer tokens, then use Linq To Twitter to make the query.
If I now have all of the consumer and user tokens I need to call the Twitter API via Linq to Twitter, which Authorizer should I use inside my service implementation to make that happen? Do I need to implement my own?
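One way step 5 of the flow above could look inside the proxy service, as an added example (not code from the original post or from the LINQ to Twitter project). It assumes LINQ to Twitter 3.x or later, where `SingleUserAuthorizer` takes all four tokens directly; the `ITokenStore` interface, the `UserTweetsService` class and the environment variable names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using LinqToTwitter;

// Hypothetical store for the user tokens saved in step 4 (server-side only).
public interface ITokenStore
{
    (string AccessToken, string AccessTokenSecret)? Find(string appUserId);
}

public class UserTweetsService
{
    private readonly ITokenStore _tokens;
    public UserTweetsService(ITokenStore tokens) => _tokens = tokens;

    // Consumer credentials are read from server configuration, never from a request.
    private static string RequireEnv(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException(name + " is not set");

    // appUserId must be taken from the service's authenticated session,
    // not from a field the caller can set freely in the request message.
    public async Task<List<string>> GetTweetsAsync(string appUserId, string screenName)
    {
        var t = _tokens.Find(appUserId)
            ?? throw new UnauthorizedAccessException("No stored Twitter authorization for this user");

        var auth = new SingleUserAuthorizer
        {
            CredentialStore = new SingleUserInMemoryCredentialStore
            {
                ConsumerKey = RequireEnv("TWITTER_CONSUMER_KEY"),       // assumed variable name
                ConsumerSecret = RequireEnv("TWITTER_CONSUMER_SECRET"), // assumed variable name
                AccessToken = t.AccessToken,
                AccessTokenSecret = t.AccessTokenSecret
            }
        };

        using var ctx = new TwitterContext(auth);
        var tweets = await (from tweet in ctx.Status
                            where tweet.Type == StatusType.User && tweet.ScreenName == screenName
                            select tweet).ToListAsync();
        // Only tweet text leaves the service; tokens and secrets stay server-side.
        return tweets.Select(s => s.Text).ToList();
    }
}
```

Looking up the stored tokens by the session's authenticated user id, rather than by a username supplied in the request, keeps one caller from querying Twitter with another user's tokens.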