Announcement Announcement Module
No announcement yet.
Programmatically obtaining the OAuth1 verifier from Twitter Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Programmatically obtaining the OAuth1 verifier from Twitter

    I'm a newbie to both the social framework and twitter in general. Using console quick start example, I've been able to authenticate and update my status successfully. However, the example code obtains a verifier value by launching a web browser to navigate the authentication URL as seen here:

    string authenticateUrl = twitterServiceProvider.OAuthOperations.BuildAuthen ticateUrl(oauthToken.Value, null);

    The return value is then manually entered through the UI such that a request token can obtained.

    Console.WriteLine("Enter PIN Code from Twitter authorization page:");
    string pinCode = Console.ReadLine();
    AuthorizedRequestToken requestToken = new AuthorizedRequestToken(oauthToken, pinCode);

    While this basic process works well for interactive applications, my application is a background process and providing a UI would defeat my purpose.

    With that said, how can I obtain the verifier code progratically without launching a browser and manually entering the verifier (pin code in the above example)?

    Any help and suggestions are greatly appreciated.
    Last edited by Dave Syer; Nov 26th, 2012, 08:02 AM. Reason: remove duplicate (copy-paste error)?

  • #2
    In OAuth 1.0a (which is what Twitter implements), there is no way to get an access token without performing at least some of the work in a web browser. That's because OAuth 1.0/1.0a is entirely committed to getting the user to authorize your application via the provider (Twitter in this case) and not letting the application obtain authorization on its own. The bulk of the authorization is between the user and Twitter and your application would just be the recipient of the authorization when it's done.

    If this were OAuth 2, you could do what's known as "Resource Owner Credentials Grant" (aka, "password grant" for short). In this special case, the application asks the user for their credentials and exchanges them one time for an access token. In this case, there's no browser involved. Unfortunately, this is an OAuth 2-only thing and doesn't apply to Twitter which is still on OAuth 1.0a.

    That said, Twitter also implements something called xAuth, which allows desktop and mobile apps to exchange user credentials for an access token, much like OAuth 2's password grant. In order to use xAuth, you must request access from Twitter and follow the instructions at At this time, Spring Social doesn't support xAuth-style authorization (but the access token you get could still be used with Spring Social's TwitterTemplate).


    • #3
      Any news on this kind of workflow.
      What I am looking for, essentially, is a way to tweet programatically - it does look like twitter allows the manual creation of OAuth access token and it also looks like I can execute a curl command (the syntax is generated by twitter itself, in their doc pages) and I am able to tweet without any sort of browser interaction.
      So, it looks like things may have changed and we should be able to tweet programatically - is there a spring social example that does this?


      • #4
        Hopefully this helps.

        If you are going to tweet on someone else's behalf, there has to be some UI for that person to accept that connection. If you are tweeting under your account. I was able to easily do it with Spring Integration, which uses Spring Social. Or you could use the TwitterTemplate directly to post tweets. The TwitterTemplate has properties that you can set with your own keys and you can post. There is no UI in that setup.



        • #5
          Thanks for the quick feedback.
          Unfortunately I am not able to tweet via TwitterTemplate directly (I am still looking into why there is no connection in there) - I posted the question detailing that mechanism here:
          I considered trying out spring-integration, but it does seem like shooting a fly with a bazooka - I just want to tweet (under my own account) and introducing so many layers of abstraction is undesirable.


          • #6
            Here is what my TwitterTemplate bean definition was that worked.

            <bean id="twitterTemplate" class=" .TwitterTemplate">
            <constructor-arg value="${twitter.oauth.consumerKey}"/>
            <constructor-arg value="${twitter.oauth.consumerSecret}"/>
            <constructor-arg value="${twitter.oauth.accessToken}"/>
            <constructor-arg value="${twitter.oauth.accessTokenSecret}"/>

            You just have to supply your keys and tokens.

            Oh an make sure your dev account on Twitter is showing it to be read/write

            It defaults to read only.



            • #7
              Yes, that is how I configured the template, and yes, the app is read-write - it stil is unable to send the request - I added details about that in the stackoverflow question.
              Thanks for the feedback.


              • #8
                Reading the StackOverflow question, it sounds like you may have got this to work by updating the version of Apache HTTP Client to 4.2.3? Is that correct?

                And, just to be clear...the access token you have is for *you*, right? You're not posting on behalf of a user of your application...just on behalf of yourself? Is that right? I didn't understand that to be the case when I first read your question.


                • #9
                  Yes and Yes - the issue was a bug in the 4.3-alpha1 version of httpclient. And yes, I only wanted to tweet on my own account, not on behalf of a user.
                  This is now resolved by downgrading to a GA version of httpclient.