Single-user OAuth with Examples

API version 1API version 1.1
Updated on Mon, 2014-01-27 20:07

Please note: Most developers will find working with Application-only authentication a superior approach than what is documented below.

Twitter offers the ability for you to retrieve a single access token (complete with oauth_token_secret) from application detail pages found on dev.twitter.com.

This is ideal for applications migrating to OAuth with single-user use cases. You shouldn't ever share the combination of your OAuth consumer key, secret, access token, and access token secret.

By using a single access token, you don't need to implement the entire OAuth token acquisition dance. Instead, you can pick up from the point where you are working with an access token to make signed requests for Twitter resources.

Here are some tips with a few different OAuth libraries on how to get started using OAuth directly with an access token.

It's still very helpful for you to read all about OAuth. These tips also generally apply for all contexts of using OAuth with access tokens, not just the "single user" use case.

Using the C#-based twitterizer Library

This tip is courtesy of Ricky Smith, author of twitterizer, a library for interfacing with the Twitter API that handles much of the OAuth implementation behind the scenes.

  1. OAuthTokens tokens = new OAuthTokens();
  2. tokens.ConsumerKey = "Consumer Key";
  3. tokens.ConsumerSecret = "Consumer Secret";
  4. tokens.AccessToken = "Access Key";
  5. tokens.AccessTokenSecret = "Access Secret";
  6.  
  7. TwitterStatusCollection homeTimeline = TwitterStatus.GetHomeTimeline(tokens);

Using Twitter API ME by Ernandes Jr.

Twitter API ME is a Java library for interacting with Twitter using OAuth.

  1.   Token = new Token("token_access", "token_secret");
  2.   Credential c = new Credential("user_name", "consumer_key", "consumer_secret", token);
  3.  
  4.   UserAccountManager m = UserAccountManager.getInstance(c);
  5.  
  6.   if (m.verifyCredential()) {
  7.     GeoLocation loc = new GeoLocation("+37.5", "+26.7");
  8.     Tweet t = new Tweet("Cool! Geo-located tweet via Twitter API ME. \o/", loc);
  9.     TweetER ter = TweetER.getInstance(m);
  10.     t = ter.post(t);
  11.   }

Using @abraham's PHP twitteroauth Library

Since this is a Twitter library and not just an OAuth library, there are many conveniences afforded to you with twitteroauth. You just need to setup the "connection actor" which makes the requests on the access token's behalf. 

  1. function getConnectionWithAccessToken($oauth_token, $oauth_token_secret) {
  2.   $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret);
  3.   return $connection;
  4. }
  5.  
  6. $connection = getConnectionWithAccessToken("abcdefg", "hijklmnop");
  7. $content = $connection->get("statuses/home_timeline");

Using Brosner's Python-OAuth2 library

The Python OAuth2 library handles the heavy lifting of signing requests for you and is an assembly of many peoples work. The readme gives some more examples of ways to interface with the Twitter API.

  1. def oauth_req(url, key, secret, http_method="GET", post_body=None,
  2.         http_headers=None):
  3.     consumer = oauth.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET)
  4.     token = oauth.Token(key=key, secret=secret)
  5.     client = oauth.Client(consumer, token)
  6.  
  7.     resp, content = client.request(
  8.         url,
  9.         method=http_method,
  10.         body=post_body,
  11.         headers=http_headers,
  12.         force_auth_header=True
  13.     )
  14.     return content
  15.  
  16. home_timeline = oauth_req(
  17.   'https://api.twitter.com/1.1/statuses/home_timeline.json',
  18.   'abcdefg',
  19.   'hijklmnop'
  20. )

Using the OAuth Ruby Gem

Starting with an access token is really easy with the OAuth Ruby gem.

  1. # Exchange your oauth_token and oauth_token_secret for an AccessToken instance.
  2. def prepare_access_token(oauth_token, oauth_token_secret)
  3.   consumer = OAuth::Consumer.new("APIKey", "APISecret",
  4.     { :site => "https://api.twitter.com",
  5.       :scheme => :header
  6.     })
  7.   # now create the access token object from passed values
  8.   token_hash = { :oauth_token => oauth_token,
  9.                  :oauth_token_secret => oauth_token_secret
  10.                }
  11.   access_token = OAuth::AccessToken.from_hash(consumer, token_hash )
  12.   return access_token
  13. end
  14.  
  15. # Exchange our oauth_token and oauth_token secret for the AccessToken instance.
  16. access_token = prepare_access_token("abcdefg", "hijklmnop")
  17. # use the access token as an agent to get the home timeline
  18. response = access_token.request(:get, "https://api.twitter.com/1.1/statuses/home_timeline.json")