For my implementation example I am using a Java OAuth library written by John Kristian, Praveen Alavilli and Dirk Balfanz.
- You must get your Consumer Key and Consumer Secret by registering your application on Twitter.com
- The goal is to get an Access Token and Secret that you can use to read and/or write to a Twitter users information without having to ask for their username and password everytime. We also don't want to have to store that information because they may change it on Twitter.com and we don't want to have to synchronize the information. (The user doesn't really want to give that information to us anyway)
- The first step is get request a Request Token from Twitter. You do this by using a timestamp, nonce, oauth version, and your consumer key and signing it with your consumer secret. Then a request can be made to http://twitter.com/oauth/request_token including the signature.
- Twitter will generate a Request Token and Token Secret and send them back
- Save the Request Token and Token Secret off for later use. We will use them again after the user has granted us access.
- Build up a the URL for a user to access, sending them to Twitter, to grant us access. This will be done by sending them to http://twitter.com/oauth/authorize?oauth_token=
. You can optionally add a callback URL on the parameters or just rely on the one that you entered on the Twitter site when registering your application. - If you user grants you access, then your callback URL will be called.
- Upon recieving the callback, you now need to request and Access Token from Twitter. This is very similar to step 3 except you will be using a different URL and the Request Token and Secret that you saved off in step 4. You will sign your request with your consumer secret and the token secret and send the request for the Access Token to http://twitter.com/oauth/access_token.
- Twitter will generate an Access Token and Token Secret and send them back. At this point, the Application is added to the users Connections tab.
- Once you parse the Access Token and Token Secret out of the response, you can use them from that point forward to make Twitter API calls on behalf of the user that granted access.
public TwitterTokenPair getRequestToken(TwitterConsumerCredentials credentials) throws TwitterOAuthException { TwitterTokenPair result = null; OAuthAccessor accessor = newAccessor(credentials); OAuthClient client = new OAuthClient(new HttpClient3()); try { client.getRequestToken(accessor); // Build the token pair to return result = new TwitterTokenPair(); result.setToken(accessor.requestToken); result.setTokenSecret(accessor.tokenSecret); } catch (Throwable t) { throw new TwitterOAuthException(t); } return result;}
public String getAuthorizeUrl(String token, String callbackUrl, MapcallbackParameters) { Map parameters = new HashMap (); parameters.put("oauth_token", token); if (null != callbackUrl) { parameters.put("oauth_callback", callbackUrl + "?" + asQueryString(callbackParameters)); } return authorizeUrl + "?" + asQueryString(parameters); }
public TwitterTokenPair getAccessToken(TwitterConsumerCredentials credentials, TwitterTokenPair requestTokenPair) throws TwitterOAuthException { TwitterTokenPair result = null; OAuthAccessor accessor = newAccessor(credentials); accessor.requestToken = requestTokenPair.getToken(); accessor.tokenSecret = requestTokenPair.getTokenSecret(); OAuthClient client = new OAuthClient(new HttpClient3()); try { client.getAccessToken(accessor, HttpClient.GET, null); // Build the token pair to return result = new TwitterTokenPair(); result.setToken(accessor.accessToken); result.setTokenSecret(accessor.tokenSecret); } catch (Throwable t) { throw new TwitterOAuthException(t); } result; }
TwitterHttpCommand twitterCommand = new TwitterHttpCommand(credentials); try { Mapparameters = new HashMap (); parameters.put("status", "Just finished OAuth integration implementation of Twitter and DigitalChalk in Java! Woohoo!"); response = service.execute(twitterCommand, HttpMethod.POST, accessTokens, "http://twitter.com/statuses/update.xml", parameters); printInputStream(response.getResponse()); } catch (TwitterOAuthException ex) { System.out.println(ex); } catch (IOException ioex) { System.out.println(ioex); }
UPDATE: I have been asked to include the code for this experiment. You will need to download the Java OAuth Library and include it in the classpath as well as enter your Consumer Key and Secret into the twitter.properties file. The Test.java class should walk you through how I used it to test access to Twitter. Let me know what you think and if you would like to see anything else added. You can download the code here: http://bit.ly/Pz55C
15 comments:
using the twitter basic auth api, it is possible for the twitter account to be shared by one-or-more twitter client sites.
i'm curious, i wonder if this is possible w/ the twitter oauth api as well. i wonder if the second user's authentication of the shared twitter account will invalidate the previously authenticated by a twitter oauth consumer.
James, I think that I am following what you are asking.
If you ask a person to authenticate again using OAuth and you complete the cycle by doing the request for the Access Token, then it will invalidate the previous Access Token and Token Secret. You will have to use the newly generated tokens to access the user's account.
yeah ... it was rather clumsily asked. wasn't exactly sure of the "correct" words, but we're on the same page.
using basic auth, it is pretty easy for a service to allow it's members to share a single twitter account for event/message syndication. in looking at oauth (which i *really* like for obvious reasons), it looks as if this "feature" of allowing for shared account access is no longer available. i really want to be proven wrong on this one :)
James, I think that it sounds like a good idea for a 3rd party application. You could maintain a group that would have access to write to an account that you approve authentication to and then if you need to remove someone, you simply remove them from your app instead of having to change the password on the Twitter account. Go for it. I think it would be very useful.
hey troy -
i was just made aware that this is a known issue, one that looks to be under investigation:
http://code.google.com/p/twitter-api/issues/detail?id=372
thx for the chat :)
Thanks for this great post + the code :) Both are very helpful...
Hey Toy, If I have a web app that is already handling all the oAuth stuff, can I just store the access tokens in a DB, and then use those access tokens in my java app to make calls?
If I do this do I need to include any of the oauth stuff at all? Trying to break out in your test what is needed the first time just to get the tokens, and then what you need to do the first time around, and what needs to be dont after you've already had your app approved with the user?
I am getting 401 Unauthorized in step 8. In getAccessToken() function
client.getAccessToken(accessor, HttpClient.GET, null);
result = new TwitterTokenPair();
result.setToken(accessor.accessToken);
result.setTokenSecret(accessor.tokenSecret);
accesstoken and tokensecret are both null.
what could be wrong ?
Please help.
Anthony, after your user has completed the "Allow" on Twitter, you will be able to get the Access token using the request token and store them. You will then be able to use these tokens on behalf of the user.
arjun,
You will need to pass in your request token to get the access token after the user has allowed access through the request. It appears you are passing in null right now.
Hi
Fantastic job done :-) Is there a way to download the lib jar files?Or do you have a svn url?
Cheers
saabir, thanks for the comment. You can download the source at: http://bit.ly/Pz55C
Thanks! Step8 saved my night! :)
Bye,
Alex Nautilus
http://twitter.com/alexnautilus
Nautilus, that is great. I am glad it was useful to you.
Hi Troy,
excellent post. as a beginner, I could understand where to start. great work. keep it up. and many thanks.
Swaleh
Post a Comment