Monday, June 29, 2009

Using Twitter OAuth with Rails + sample

I've been using rails with the Twitter REST API of late, using the oauth gem as the base. It works well, but keeping up with the API changes can be a challenge!

In the recent update to OAuth 1.0a, there were two critical changes required:

Web-apps should specify the oauth_callback

Through trial-and-error, I found that if you don't explicitly specify the oauth_callback when going through the authorization process, Twitter will halt at the PIN page (behaving as if you are using a client application). That's easily fixed:

request_token = consumer.get_request_token( :oauth_callback => TWOAUTH_CALLBACK )
session[:request_token] = request_token.token
session[:request_token_secret] = request_token.secret
# Send the user to Twitter to authorize
redirect_to request_token.authorize_url

NB: the root cause is that oauth 0.3.5 sets "oob" as the oauth_callback if you don't explicitly set it. This triggers the Twitter desktop PIN flow.

Include the oauth_verifier when exchanging the request token for an access token

Next, the major change in 1.0a was to add an oauth_verifier parameter. Twitter sends this back to you after the user has authorized access, and you need to include this parameter when exchanging the request token for an access token.
# Rebuild the request token from the values saved in the session
request_token = OAuth::RequestToken.new(consumer, session[:request_token], session[:request_token_secret])
access_token = request_token.get_access_token( :oauth_verifier => params[:oauth_verifier] )
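
Both changes seen from the provider's side, as an added toy model (not code from the sample app, the oauth gem or Twitter): an omitted callback falls back to "oob" and yields a PIN, and the token exchange is refused unless the matching oauth_verifier is presented. ToyProvider, demo_flow and the callback URL in the usage note are hypothetical names, and request signing is left out.

```ruby
require 'securerandom'

# Toy in-memory model of an OAuth 1.0a provider (assumption: simplified,
# no HMAC-SHA1 request signing, plain string comparison of secrets).
class ToyProvider
  Pending = Struct.new(:secret, :callback, :verifier)

  def initialize; @pending = {}; end   # request token => Pending

  # Step 1: the consumer asks for a request token and states its callback.
  # As oauth 0.3.5 does, fall back to "oob" when no callback is given.
  def request_token(oauth_callback: nil)
    token = SecureRandom.hex(8)
    @pending[token] = Pending.new(SecureRandom.hex(8), oauth_callback || 'oob', nil)
    { token: token, secret: @pending[token].secret }
  end

  # Step 2: the user approves. The provider mints a verifier and either
  # shows it as a PIN ("oob") or appends it to the callback redirect.
  def authorize(token)
    entry = @pending.fetch(token)
    entry.verifier = SecureRandom.hex(4)
    return { pin: entry.verifier } if entry.callback == 'oob'
    { redirect: "#{entry.callback}?oauth_token=#{token}&oauth_verifier=#{entry.verifier}" }
  end

  # Step 3: the exchange needs the matching secret and verifier, and the
  # request token can be used only once.
  def access_token(token, secret, oauth_verifier: nil)
    entry = @pending[token]
    ok = entry && entry.verifier && entry.secret == secret && entry.verifier == oauth_verifier
    return nil unless ok
    @pending.delete(token)
    { token: SecureRandom.hex(8), secret: SecureRandom.hex(8) }
  end
end

# Runs the three steps once and reports what each exchange attempt returned.
def demo_flow(callback)
  provider = ToyProvider.new
  rt = provider.request_token(oauth_callback: callback)
  result = provider.authorize(rt[:token])
  verifier = result[:pin] || result[:redirect][/oauth_verifier=(\h+)/, 1]
  { mode: result.key?(:pin) ? :pin : :redirect,
    without_verifier: provider.access_token(rt[:token], rt[:secret]),
    with_verifier: provider.access_token(rt[:token], rt[:secret], oauth_verifier: verifier),
    replay: provider.access_token(rt[:token], rt[:secret], oauth_verifier: verifier) }
end
```

Calling demo_flow('https://app.example/callback') models the web flow; demo_flow(nil) models the PIN flow described in the NB above.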

An example application

I've created a minimalist application that demonstrates the Twitter API with OAuth 1.0a in Rails. I've set this up to run at Heroku.

The source is at GitHub for all to share:

And there's a running demo site at


Rich said...

Wow, finally a solution. So thankful to find your post regarding the "oauth_callback".



Paul said...

Thanks Rich, hth.

I tend to post this kind of thing as a personal aide memoire, but it's always great to hear that someone else gets a boost as a result (even if in just a small way like this one).

Tyler Gillies said...

oauth_callback saved the day for me. thanks

Paul said...

Thanks Tyler. btw, I've just posted an update to the sample on github that includes the new cursor-based social graph methods.

lobati said...

I'm trying to run your example app but I'm getting 'Twitter API failure (account login)'. The log output looks:

Processing MembersController#new (for at 2010-05-27 11:23:46) [GET]
Failed to login via OAuth
Redirected to http://localhost:3000/
Filter chain halted as [:oauth_login_required] rendered_or_redirected.
Completed in 12ms (DB: 0) | 302 Found [http://localhost/members/new]

Any suggestions?

Paul said...

@lobati ... I just checked to make sure it still works (and not broken by any API changes I might have overlooked).

The good news is that it does.

So I'd suspect your problem is in the twitter oauth app configuration, or perhaps the way you are testing. It appears you may be using localhost:3000. See the notes at part 11 of the readme about testing with a domain name that matches your oauth registration.


Paul said...

@lobati f/u ... looks like you may have hit an issue with the newer oauth 0.4.0 gem. I've just pushed an update to the twitter oauth sample that addresses the problem.

(basically: in oauth 0.4.0 you must require 'oauth' to get all the necessary dependencies included; previously the oauth sample had just been requiring 'oauth/consumer', which was fine with oauth 0.3.6 and earlier)

ChrisLoftus said...

Very helpful app, although initially I couldn't get past the callback stage until I started using oauth-0.3.6 instead of 0.4.0. Many thanks, Chris

Aline Bessa said...

Thank you so much for clarifying many of my doubts!