Single-user OAuth with Examples
Note: Many developers will find working with Application-only authentication a superior approach than what is documented below. However, application-only authentication does not enable user actions such as posting Tweets or accessing Direct Messages, so this single access token may still be valid.
Twitter offers the ability to retrieve a single access token (complete with oauth_token_secret) from Twitter app detail pages found in the developer portal.
This is ideal for apps with single-user use cases. Never share the combination of an OAuth consumer key, secret, access token, and access token secret with others.
By using a single access token, it is not necessary to implement the entire OAuth token acquisition dance. Instead, pick up from the point where you are working with an access token to make signed requests for Twitter resources.
Here are some tips with a few different OAuth libraries on how to get started using OAuth directly with an access token.
It’s still very helpful for you to read all about OAuth. These tips also generally apply for all contexts of using OAuth with access tokens, not just the “single user” use case.
Using the C#-based twitterizer Library¶
This tip is courtesy of Ricky Smith, author of twitterizer, a library for interfacing with the Twitter API that handles much of the OAuth implementation behind the scenes.
OAuthTokens tokens = new OAuthTokens();
tokens.ConsumerKey = "Consumer Key";
tokens.ConsumerSecret = "Consumer Secret";
tokens.AccessToken = "Access Key";
tokens.AccessTokenSecret = "Access Secret";
TwitterStatusCollection homeTimeline = TwitterStatus.GetHomeTimeline(tokens);
Using @abraham’s PHP twitteroauth Library¶
Since this is a Twitter library and not just an OAuth library, there are many conveniences afforded to you with twitteroauth. You just need to setup the “connection actor” which makes the requests on the access token’s behalf.
function getConnectionWithAccessToken($oauth_token, $oauth_token_secret) {
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret);
return $connection;
}
$connection = getConnectionWithAccessToken("abcdefg", "hijklmnop");
$content = $connection->
get("statuses/home_timeline");
Using Python-OAuth2 library¶
The Python OAuth2 library handles the heavy lifting of signing requests for you and is an assembly of many peoples work. The readme gives some more examples of ways to interface with the Twitter API.
def oauth_req(url, key, secret, http_method="GET", post_body=””, http_headers=None):
consumer = oauth2.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET)
token = oauth2.Token(key=key, secret=secret)
client = oauth2.Client(consumer, token)
resp, content = client.request( url, method=http_method, body=post_body, headers=http_headers )
return content
home_timeline = oauth_req( 'https://api.x.com/1.1/statuses/home_timeline.json', 'abcdefg', 'hijklmnop' )
Using the OAuth Ruby Gem¶
Starting with an access token is really easy with the OAuth Ruby gem.
# Exchange your oauth_token and oauth_token_secret for an AccessToken instance.
def prepare_access_token(oauth_token, oauth_token_secret)
consumer = OAuth::Consumer.new("APIKey", "APISecret", { :site => "https://api.x.com", :scheme => :header })
# now create the access token object from passed values
token_hash = { :oauth_token => oauth_token, :oauth_token_secret => oauth_token_secret }
access_token = OAuth::AccessToken.from_hash(consumer, token_hash )
return access_token
end
# Exchange our oauth_token and oauth_token secret for the AccessToken instance.
access_token = prepare_access_token("abcdefg", "hijklmnop")
# use the access token as an agent to get the home timeline
response = access_token.request(:get, "https://api.x.com/1.1/statuses/home_timeline.json")