Authentication has been a part of .NET for a long time. Unfortunately, there are a couple of problems:
- Users must remember their user ids and passwords. For
technologists, this is not a problem. For my parents, this is a huge
challenge. Many people are able to remember their Twitter or other
social network passwords. Unfortunately, remembering their user IDs and
password for your service is most likely a problem.
- When an application is responsible for the user IDs and passwords, it must store that information securely in some way.
If there's one thing we should all understand, no application is 100
percent secure. There is always the chance for some type of data loss.
Depending on the application's needs, it may make sense to let
another service store user IDs and passwords. The next question is, "Is
there a standard way to interact with other services that can handle
authentication?" Thankfully, there is a standard for cross-application
authentication: OAuth. OAuth has been implemented by a number of social
networks and other services, including Twitter, Facebook, Google and
OAuth is an open standard for authorization. It provides the following:
- A standard method for client authentication.
- A standard process for end users to authorize third-party access to server resources.
- The ability to authorize these third parties without the sharing of credentials (username and password pair).
This article will not get into OAuth specifics; that information is available on the OAuth Web site.
For these set of examples, we'll use OAuth as a mechanism to
authenticate users. We'll authenticate users, get a response and display
information to the user (specifically, a profile image). From there,
the example will integrate with Twitter via OAuth and then make calls to
Twitter via a third-party library. This will demonstrate the strength
of the growing Xamarin ecosystem.