6
votes

Short questions:

I've generated an Access Token and an Access Token Secret at apps.twitter.com for my application. How do I use them to send a request to https://api.twitter.com/1.1/statuses/user_timeline.json?

What is a Bearer Token comprised of? Is it the Access Token or the Access Token Secret? Or an encoding of the two?



Bit of context:

I'm trying to make an application that downloads tweets from my twitter timeline without the app user having to authenticate with their twitter account. I understand that I must use Application-Only authentication, and that the documentation (https://dev.twitter.com/docs/auth/application-only-auth) states that I need to use a Consumer Key and Consumer Secret to request a Bearer Token. But if I've already generated the tokens at apps.twitter.com using the generate button:


Screen shot of my app on the apps.twitter.com page


surely I can just hardcode these into my app and pass them along as the Bearer Token in some way? Like this I'd expect:

#define kTwitterBearerToken @"123456"    

NSURL *twitterFeedURL = [NSURL URLWithString:@"https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=kylejm_&count=10"];
NSMutableURLRequest *URLRequest = [NSMutableURLRequest requestWithURL:twitterFeedURL];
[URLRequest setHTTPMethod:@"GET"]; // statuses/user_timeline is a GET endpoint
[URLRequest setValue:[NSString stringWithFormat:@"Bearer %@", kTwitterBearerToken] forHTTPHeaderField:@"Authorization"];
NSURLResponse *URLResponse;
NSError *URLerror;
NSData *tweetData = [NSURLConnection sendSynchronousRequest:URLRequest returningResponse:&URLResponse error:&URLerror];
NSError *JSONError;
NSArray *tweets = [NSJSONSerialization JSONObjectWithData:tweetData options:0 error:&JSONError];
NSLog(@"%@", tweets);

Thanks in advance for answers and help!

Kyle

P.S. I've looked at STTwitter, but think that it's a bit unnecessary to use it when what I'm trying to achieve is so simple (at least it seems simple to just pass the pre-generated token to me anyway)...

3
For app-only auth, you don't need the access token and access token secret; just the consumer key and consumer secret are adequate. You can fetch tweets for any user whose tweets are not protected. Do take rate limits into account. - Vishal
Thanks @Vishal. Am I right in saying you use the consumer key and secret to request a bearer token? Is the bearer token totally different to the tokens generated at apps.twitter.com? - kylejm
Honestly, I forget, and I'm currently in don't-care mode from an app perspective, so hopefully someone more familiar can answer. - Vishal

3 Answers

2
votes

To get access token for twitter application only authentication:

For more details: Twitter-App-Only-Authentication-iOS

  1. Create an application on your "https://apps.twitter.com" account
  2. Get "kConsumerKey" and "kConsumerSecretKey"
  3. Get Base64EncodedBearerToken using "kConsumerKey" and "kConsumerSecretKey"
  4. Make "kTwitterAuthAPI" call with "Basic Authorization"
  5. Get "access_token" and use it in "Bearer Authorization" calls

Check out the code for more clarifications!
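The five steps above, sketched as an added example (not code from the original answer or its linked project). The constant names follow the answer; their values are placeholders, the value of kTwitterAuthAPI is assumed from Twitter's application-only auth documentation, and the token response is a constructed sample so nothing is sent over the network.

```objc
#import <Foundation/Foundation.h>

// Placeholder values (constructed); the names follow the answer above.
static NSString *const kConsumerKey = @"CONSUMER_KEY_PLACEHOLDER";
static NSString *const kConsumerSecretKey = @"CONSUMER_SECRET_PLACEHOLDER";
static NSString *const kTwitterAuthAPI = @"https://api.twitter.com/oauth2/token"; // assumed value

// Steps 3-4: Basic credentials are base64("key:secret"), POSTed with grant_type=client_credentials.
// Assumes key and secret contain no characters that would need URL-encoding first.
static NSURLRequest *BearerTokenRequest(void) {
    NSString *pair = [NSString stringWithFormat:@"%@:%@", kConsumerKey, kConsumerSecretKey];
    NSString *basic = [[pair dataUsingEncoding:NSUTF8StringEncoding] base64EncodedStringWithOptions:0];
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:kTwitterAuthAPI]];
    req.HTTPMethod = @"POST";
    [req setValue:[@"Basic " stringByAppendingString:basic] forHTTPHeaderField:@"Authorization"];
    [req setValue:@"application/x-www-form-urlencoded;charset=UTF-8" forHTTPHeaderField:@"Content-Type"];
    req.HTTPBody = [@"grant_type=client_credentials" dataUsingEncoding:NSUTF8StringEncoding];
    return req;
}

// Step 5, first half: accept the reply only if it is a JSON object with token_type "bearer".
static NSString *BearerTokenFromResponse(NSData *body) {
    if (body == nil) return nil;
    NSDictionary *json = [NSJSONSerialization JSONObjectWithData:body options:0 error:NULL];
    if (![json isKindOfClass:[NSDictionary class]]) return nil;
    NSString *type = json[@"token_type"], *token = json[@"access_token"];
    if (![type isKindOfClass:[NSString class]] || ![token isKindOfClass:[NSString class]]) return nil;
    return ([type caseInsensitiveCompare:@"bearer"] == NSOrderedSame && token.length > 0) ? token : nil;
}

// Step 5, second half: the timeline call carries the returned access_token as the Bearer token.
static NSURLRequest *TimelineRequest(NSString *bearer, NSString *screenName) {
    NSURLComponents *c = [NSURLComponents componentsWithString:@"https://api.twitter.com/1.1/statuses/user_timeline.json"];
    c.queryItems = @[[NSURLQueryItem queryItemWithName:@"screen_name" value:screenName],
                     [NSURLQueryItem queryItemWithName:@"count" value:@"10"]];
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:c.URL];
    req.HTTPMethod = @"GET";
    [req setValue:[@"Bearer " stringByAppendingString:bearer] forHTTPHeaderField:@"Authorization"];
    return req;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample of the token endpoint's reply; a real app would send BearerTokenRequest().
        NSData *sample = [@"{\"token_type\":\"bearer\",\"access_token\":\"SAMPLE_TOKEN\"}" dataUsingEncoding:NSUTF8StringEncoding];
        NSString *token = BearerTokenFromResponse(sample);
        NSLog(@"%@", BearerTokenRequest().allHTTPHeaderFields);
        if (token) NSLog(@"%@", TimelineRequest(token, @"kylejm_").allHTTPHeaderFields);
    }
    return 0;
}
```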

1
votes
0
votes

Here are my thoughts on the basic timeline for the app. I'm thinking it through as I type, so bear with me...

On launch check to see if you've cached a bearer token (probably good idea to store it in the keychain not the user defaults)....

NO: if there's no bearer token, do the call outlined here in step 2, then persist it to the keychain, then continue...

YES: Get it back from the persistent keychain store*, then continue...

Now you have a bearer token you need to make a Base64 encoded string (iOS has methods for you to use) and use that encoded string in the request from the previously linked pages Step 3.

If at any point you need to reset the bearer token, for instance if you've detected a few unsuccessful logins and want to give a flow for the user to try to resolve that, there's a request to call to invalidate the bearer token and then just re-request it, essentially repeating the initial flow.

As mentioned by others, Twitter has some annoying rate limitations, so it's probably best to cache the returned flow results and use them for display, then use a less rate-limited call to maybe find out the number of tweets in a date range so you can determine whether you need to update the cached data. That's just one thought as to how to handle it; I'm sure there are others that will appear from checking out the API docs.

Hope that helps... :)

  • oh yes, keychains. There's some decent example code for retrieving/writing/deleting keychain entries in an app. Equally: GitHub.