How to get the Foursquare OAuth request code, using C# inside Web API?

Question

I'm using SharpSquare for C# modeling of the Foursquare API, and I'm getting stuck at step 1.

1. Get a "code" from Foursquare
2. Get an access token based on return url and the "code"
3. Query API

The SharpSquare documentation shows this:

if (Request["code"] != null) {
    sharpSquare.GetAccessToken(redirectUri, Request["code"]);
    ...
}
else {
    HyperLink.NavigateUrl = sharpSquare.GetAuthenticateUrl(redirectUri);
}

I'm trying to query the Foursquare API from within an ASP.NET Web API method. I can't do this: HyperLink.NavigateUrl = sharpSquare.GetAuthenticateUrl(redirectUri);

What can I do to get the "code"? (I've tried various WebClient() & WebRequest/WebResponse attempts, just can't quite get it to work).

Answer 1

basically this authentication is a 2-step process. First you need to generate authentication URL using GetAuthenticateUrl() call - and redirect user to that URL. After user successfully authenticates, FourSquare will call the redirect URL you provided - passing the code parameter - which you will need to exchange for access token with GetAccessToken() call.

here is a sample MVC code:

public ActionResult UserClicksAuthenticate()
{
    var redirectUri = Request.Url.Authority + this.Url.Action("AuthorizeCallback", new {userCode = "userCode"});
    var sharpSquare = new SharpSquare(clientId, clientSecret);
    var authUrl = sharpSquare.GetAuthenticateUrl(redirectUri);

    return new RedirectResult(authUrl, permanent: false);
}

public ActionResult AuthorizeCallback(string code, string userCode)
{
    var redirectUri = Request.Url.Authority + this.Url.Action("AuthorizeCallback", new { userCode = userCode });

    var sharpSquare = new SharpSquare(clientId, clientSecret);    
    var accessToken = sharpSquare.GetAccessToken(redirectUri, code);

    // need this in order to make calls to API
    // it's redundant because token is already set in GetAccessToken() call but it helps to understand the workflow better. 
    sharpSquare.SetAccessToken(accessToken);

    List<VenueHistory> venues = sharpSquare.GetUserVenueHistory();

    return View("Index");
}

public ActionResult GetVenues()
{
    var sharpSquare = new SharpSquare(clientId, clientSecret, appToken);    

    List<VenueHistory> venues = sharpSquare.GetUserVenueHistory();

    return View("Index");
}

userCode above is just a arbitrary string you can pass in your redirect url so can recover the user context in the callback function. For example, this can be page code, or user id, or event name - whatever your logic requires.

UPDATE: as it turns out, topic starter was interested in "user-less" access (see FourSquare dev page here). Indeed, for these actions you do not need to get access token, you only need APP ID & SECRET. Looking at SharpSquare implementation, I noticed that there is a there is an overload with bool unauthenticated parameter:

private FourSquareSingleResponse<T> GetSingle<T>(string endpoint, bool unauthenticated) where T : FourSquareEntity

which indeed only requires app id/secret when calling API.

This parameter is set to true when the following public methods are called:

public Venue GetVenue(string venueId)
public List<Venue> SearchVenues(Dictionary<string, string> parameters)
public List<Checkin> GetVenueHereNow(string venueId, Dictionary<string, string> parameters)
public List<Tip> GetVenueTips(string venueId, Dictionary<string, string> parameters)
public List<Photo> GetVenuePhotos(string venueId, Dictionary<string, string> parameters)
public List<Link> GetVenueLinks(string venueId)
public Tip GetTip(string tipId)
public Special GetSpecial(string specialId)

that means you do not need access token if you want to call any of these methods in your WebAPI action:

public ActionResult SearchVenues()
{
    var sharpSquare = new SharpSquare(clientId, clientSecret);    

    List<VenueHistory> venues = sharpSquare.SearchVenues(<<params>>);

    return View(venues);
}