Ruby and Twitter: Getting Access Token from Request Token?

2
votes

I am currently in Step 3 of the processing on getting an oauth token/secret from an user trying to login via Twitter. https://dev.twitter.com/docs/auth/implementing-sign-twitter

Step 3 tells me to send this request to the API, but I am stuck as to how to do so. I currently have BOTH the oauth_token and oauth_verifier, but how do I send this POST request to get the oauth_token, oauth_token_secret pair?

Is there a standard Oauth Ruby gem I can use to send this POST request? I see examples online where I pass an @accessToken object, but i do not have such an object available. I just have the oauth_token and oauth_verifier (as strings). Given these 2 things, how do I convert them to an oauth_token and oauth_token_secret?

POST /oauth/access_token HTTP/1.1
User-Agent: themattharris' HTTP Client
Host: api.twitter.com
Accept: */*
Authorization: OAuth oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w",
                     oauth_nonce="a9900fe68e2573b27a37f10fbad6a755",
                     oauth_signature="39cipBtIOHEEnybAR4sATQTpl2I%3D",
                     oauth_signature_method="HMAC-SHA1",
                     oauth_timestamp="1318467427",
                     oauth_token="NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0",
                     oauth_version="1.0"
Content-Length: 57
Content-Type: application/x-www-form-urlencoded

oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY
3
ruby-on-railsrubytwitteroauth
has my answer been helpful?Малъ Скрылевъ

3 Answers

4
votes

Try something like the following rails controller actions, using the twitter and oauth gems:

  def redirect
    consumer = OAuth::Consumer.new(CONSUMER_KEY, CONSUMER_SECRET, {
      :site => "https://api.twitter.com", 
      :scheme => :header
    })

    request_token = consumer.get_request_token(:oauth_callback => CALLBACK_URL)
    session[:twitter_request_token] = request_token

    redirect_to request_token.authorize_url #=> "https://api.twitter.com/oauth/authorize?oauth_token=XYZ"
  end

  def callback
    request_token = session[:twitter_request_token]

    access_token = request_token.get_access_token(:oauth_verifier => params[:oauth_verifier])
    client = Twitter::REST::Client.new(
      :consumer_key => CONSUMER_KEY,
      :consumer_secret => CONSUMER_SECRET,
      :access_token => access_token.token,
      :access_token_secret => access_token.secret
    )
    twitter_user = client.user

    redirect_to root_url # or do something with the twitter_user
  end

See also: http://barkingiguana.com/2009/10/13/twitter-oauth-authentication-using-ruby/

0
votes

yes there is the Omniauth gem for authentication with Twitter. The documentation is straight forward.

I personally use Omniauth integrated with Devise and the Twitter gem to access Twitter - works very well.

Hope this helps, Eugen

0
votes

The common procedure is the following:

  1. You shell to register your app on twitter development page.

  2. Then set the proper Name, Description, and Website values up for your application.

    App Name

App Description

http://your_app_domain.zone:3000/

  3. Change Application Type is your app, by default it has read only access type.

  4. Setup the callback URL for yuor application:

    http://your_app_domain.zone:3000/auth/twitter/callback

  5. Store the all keys, and secrets that are shewn on the OAuth tool twitter page:

    Consumer key:

Consumer secret:

Access token:

Access token secret:

  6. Setup route on your site with devise, or devise-like gem with the specified twitter keys, and secrets to enable authentication engine. The route list now shall include /auth/twitter path.

  7. By going to http://your_app_domain.zone:3000/auth/twitter you will be redirected to twitter site, and dropped back to your site with passed oauth_token

But

You simple receive those keys, and secrets, and apply then in your app, avoiding the 6, and 7 points:

client = Twitter::REST::Client.new do |config|
   config.consumer_key        = "YOUR_CONSUMER_KEY"
   config.consumer_secret     = "YOUR_CONSUMER_SECRET"
   config.access_token        = "YOUR_ACCESS_TOKEN"
   config.access_token_secret = "YOUR_ACCESS_SECRET"
end