In the recent update to OAuth 1.0a, there were two critical changes required:
Web-apps should specify the oauth_callback
Through trial-and-error, I found that if you don't explicitly specify the oauth_callback when going through the authorization process, Twitter will halt at the PIN page (behaving as if you are using a client application). That's easily fixed:
request_token = consumer.get_request_token( :oauth_callback => TWOAUTH_CALLBACK )
session[:request_token] = request_token.token
session[:request_token_secret] = request_token.secret
# Send to twitter.com to authorize
redirect_to request_token.authorize_url
NB: the root cause is that oauth 0.3.5 sets "oob" as the oauth_callback if you don't explicitly set it. This triggers the Twitter desktop PIN flow.
Include the oauth_verifier when exchanging the request token for an access token
Next, the major change in 1.0a was to add an oauth_verifier parameter. Twitter sends this back to you after the user has authorized access, and you need to include this parameter when exchanging the request token for an access token.
request_token = OAuth::RequestToken.new(consumer, session[:request_token], session[:request_token_secret])
access_token = request_token.get_access_token( :oauth_verifier => params[:oauth_verifier] )
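As an added example (not part of the original post or the sample app), here is a sketch of the checks a callback action can make before the exchange above. It relies on the OAuth 1.0a callback also carrying oauth_token alongside oauth_verifier; the method names and the injected exchange callable are assumptions made so the sketch runs without the oauth gem or network access.

```ruby
# Added example: not from the original post or the sample app.
# CallbackError, secure_equal?, validate_callback and complete_authorization
# are hypothetical names chosen for this sketch.
class CallbackError < StandardError; end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check the callback parameters against the request token saved in the
# session before the redirect. The token is deleted from the session first,
# so a replayed or failed callback cannot reuse it.
def validate_callback(session, params)
  token  = session.delete(:request_token)
  secret = session.delete(:request_token_secret)
  if token.nil? || secret.nil?
    raise CallbackError, "no pending request token in session"
  end
  unless secure_equal?(token, params[:oauth_token].to_s)
    raise CallbackError, "oauth_token does not match the session"
  end
  verifier = params[:oauth_verifier].to_s
  raise CallbackError, "missing oauth_verifier" if verifier.empty?
  [token, secret, verifier]
end

# exchange is any callable doing the network step. In the Rails controller it
# would wrap the two lines shown above:
#   OAuth::RequestToken.new(consumer, token, secret)
#     .get_access_token(:oauth_verifier => verifier)
def complete_authorization(session, params, exchange)
  token, secret, verifier = validate_callback(session, params)
  exchange.call(token, secret, verifier)
end

# Constructed sample values, with a stub in place of the Twitter call.
if __FILE__ == $0
  session = { :request_token => "rt-constructed", :request_token_secret => "rs-constructed" }
  params  = { :oauth_token => "rt-constructed", :oauth_verifier => "v-constructed" }
  stub    = lambda { |t, s, v| "access token for #{t}" }
  puts complete_authorization(session, params, stub)
end
```
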
An example application
I've created a minimalist application that demonstrates the Twitter API with OAuth 1.0a in Rails. I've set this up to run at Heroku.
The source is at GitHub for all to share: http://github.com/tardate/rails-twitter-oauth-sample/tree/master
And there's a running demo site at http://rails-twitter-oauth-sample.heroku.com.
9 comments:
Wow, finally a solution. So thankful to find your post regarding the "oauth_callback".
Cheers,
Rich
Thanks Rich, hth.
I tend to post this kind of thing as a personal aide memoire, but it's always great to hear that someone else gets a boost as a result (even if in just a small way like this one).
oauth_callback saved the day for me. thanks
Thanks Tyler. btw, I've just posted an update to the sample on github that includes the new cursor-based social graph methods.
I'm trying to run your example app but I'm getting 'Twitter API failure (account login)'. The log output looks:
Processing MembersController#new (for 127.0.0.1 at 2010-05-27 11:23:46) [GET]
Failed to login via OAuth
Redirected to http://localhost:3000/
Filter chain halted as [:oauth_login_required] rendered_or_redirected.
Completed in 12ms (DB: 0) | 302 Found [http://localhost/members/new]
Any suggestions?
@lobati ... I just checked http://rails-twitter-oauth-sample.heroku.com/ to make sure it still works (and not broken by any API changes I might have overlooked).
The good news is that it does.
So I'd suspect your problem is in the twitter oauth app configuration, or perhaps the way you are testing. It appears you may be using localhost:3000. See the notes at part 11 of the readme about testing with a domain name that matches your oauth registration.
paul
@lobati f/u ... looks like you may have hit an issue with the newer oauth 0.4.0 gem. I've just pushed an update to the twitter oauth sample that addresses the problem.
(basically: in oauth 0.4.0 you must require 'oauth' to get all the necessary dependencies included; previously the oauth sample had just been requiring 'oauth/consumer', which was fine with oauth 0.3.6 and earlier)
Very helpful app, although initially I couldn't get past the callback stage until I started using oauth-0.3.6 instead of 0.4.0. Many thanks, Chris
Thank you so much for clarifying many of my doubts!
Cheers,
Aline