Twitter's API Authentication
Twitter's API Authentication (Part 1)
There are two forms of authentication, both leveraging OAuth version 1.0A.
The Application-only authentication is an example of Sign in with Twitter: it will redirect a user to Twitter's site, where they sign in with their credentials, and then return to our site. User authentication is required for many user-specific API calls.
So, every time we access the Twitter API on behalf of a user, our user will be redirected to Twitter to authorize our application. Twitter will return tokens which do not expire until the user revokes them. We’ll use these tokens to authenticate our calls on behalf of this user.
Verifying Credentials
Every request sent to Twitter's API, as we have learned, must be authorized. To learn more about how to authorize a request, read: Authorizing requests. So we will first need to get an OAuth access token on behalf of a Twitter user (or you could issue an Application-only authenticated request when user context is not required). There are different options for getting such a token, and the choice depends on your use case. Here we will use the option "Just want to access the API from your own account...".
For our examples, we will use this approach.
The endpoint to verify credentials is https://api.twitter.com/1.1/account/verify_credentials.json
Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; returns a 401 status code and an error message if not. Use this method to test if supplied user credentials are valid.
Register an application
We will need to register a new application with Twitter. Go to https://apps.twitter.com/app/new and fill in the form. Don't worry about the URLs, since we won't be using the OAuth callback mechanism.
The first time you create a Twitter App, the application permissions will be Read-only. That is fine for the moment; we will need to change it at the end of the tutorial. To check the permissions, click the Permissions tab in your app. You will see something like this.
As you can see, we will need to regenerate our access token when we change the permissions.
To obtain a consumer key (identifies your app), go to the 'Keys and Access Token' tab; here you will be able to get them from the Application Settings section.
By default, access tokens (which identify a user of your app, you) are not generated, as shown in the previous image; you first need to click on create my access token to get them.
Using OAuth to verify the credentials
The goal of this example is to show you how to use EiffelWeb with OAuth to verify your credentials with Twitter API. The code is here: APPLICATION.e
First copy the consumer keys and access tokens into the constants below. Keep the filled-in file out of version control, since these values authenticate as your application and your account.

    feature {NONE} -- Consumers Key

        api_key: STRING = ""
                -- Consumer key
                --| The consumer key identifies the application making the request.

        api_secret: STRING = ""
                -- Consumer secret

    feature {NONE} -- Access Key

        access_key: STRING = ""
                -- The access token identifies the user making the request.

        access_secret: STRING = ""
                -- Secret token

In our feature make, first we will initialize our OAuth service api_service with an object instance of OAUTH_10_TWITTER_API using the consumer's keys:

        -- Initialization
    create api_builder
    create signature.make
    signature.mark_query_string
        -- Create the Twitter oauth service with the consumers key
    api_service := api_builder.with_api (create {OAUTH_10_TWITTER_API}).with_api_key (api_key).with_api_secret (api_secret).build

Then we use our api_service to get the request token:

    request_token := api_service.request_token

We also need to create our access token, using the access_key and access_secret that we have generated and copied from the Twitter App:

        -- Create the access token that will identify the user making the request.
    create access_token.make_token_secret (access_key, access_secret)

Finally, we create a request, sign it and execute it. If the setup was done correctly, you will get a Response Status: 200 Ok.

        -- Build the request and authorize it with OAuth.
    create request.make ("GET", protected_resource_url)
        -- Sign with the access token created above.
    api_service.sign_request (access_token, request)
    if attached {OAUTH_RESPONSE} request.execute as l_response then
        print ("%NOk, let see what we get from response status...")
        print ("%NResponse: STATUS:" + l_response.status.out)
    end

You will see in the console something like this if everything was Ok.
===Twitter OAuth Workflow using OAuth access token for the owner of the application ===
Get the request token
Got the Access Token!
Now we're going to verify our credentials...
Ok, let see what we get from response status...
Response: STATUS:200
Press Return to finish the execution...
Code Example
Get the code from here: https://github.com/EiffelWebFramework/cypress
apis\twitter\twitter_tutorial\auth