Update March 17, 2011: This is a rewrite of my October post of the same name, modified for the changes that were made in the Twitter gem from 1.0 onward. John Nunemaker removed native oauth capability from the gem at 1.0, necessitating a rewrite of my instructions below.
As of August 31, 2010, Twitter officially deprecated HTTP Auth from the Twitter API in favor of OAuth. OAuth has a number of benefits as far as user authorization is concerned, but it is a tad complicated for the developer, especially if you simply want your application to interact with Twitter. So even if you aren’t concerned at all with authorizing your application’s users — for example, if you want your application to post tweet updates to its own account — OAuth is your only choice at this point. Here is a quick and dirty, cookbook-style recipe to get your Ruby on Rails application to interact with Twitter.
If you haven’t already, create the Twitter account that your Rails app will use. Verify the account, et cetera, and sign in to the Twitter web interface.
Navigate to http://dev.twitter.com/ and click “Register an app.” Complete the form, choosing “client” as the application type, and “Read & Write” as the access type. After saving your application, view the app’s settings screen and note the “consumer key” (also known as the consumer token) and “consumer secret” data fields — you’ll use those two items in a moment.
Add the Twitter gem dependency to your Rails application. In Rails 3 add the following line to your Gemfile:
gem 'oauth' gem 'twitter'
…and then type “bundle install” at the command line to install the gem.
Now let’s go into the Rails console by typing “rails c”. You need to jump through some one-time hoops in order to get the final tokens necessary to repeatedly authenticate your application to Twitter.
First, set up the Consumer Tokens that came from your Application Settings screen in Twitter:
> ctoken = 'your_consumer_token' => "your_consumer_token" > csecret = 'your_consumer_secret' => "your_consumer_secret"
OAuth is a multi-stage auth mechanism. In stage one we transition from Consumer Tokens to Request Tokens:
> oa = OAuth::Consumer.new(ctoken, csecret, :site => 'http://api.twitter.com', :request_endpoint => 'http://api.twitter.com', :sign_in => true) => #<OAuth::Consumer:blah blah> > rt = oa.get_request_token > rsecret = rt.secret => "your_request_secret" > rtoken = rt.token => "your_request_token"
Next is a one-time step. Edit the following URL to reflect your own request token string from above, paste into your web browser, click “Allow access” when prompted. You can ignore the 7-digit PIN that results; you won’t need it.
Now back to OAuth. In stage two we use the Request Tokens to get Access Tokens:
> at = rt.get_access_token > asecret = at.secret > atoken = at.token
Twitter is apparently not expiring Access Tokens. They and the Consumer Tokens are the pieces of this whole tutorial that actually matter. You should save these in a configuration file or in your application to use over and over.
Here in stage three we (finally!) authenticate to Twitter using Access Tokens:
Twitter.configure do |config| config.consumer_key = ctoken config.consumer_secret = csecret config.oauth_token = atoken config.oauth_token_secret = asecret end
To test whether authentication worked, let’s set up a Twitter client and post something to our Twitter account:
> client = Twitter::Client.new > client.update('Test post from the console')
Back in your browser, note your Twitter timeline and confirm that the test post made it through properly.
Again, those were mostly one-time steps, provided you saved your Consumer Tokens and your Access Tokens. The next time you want to post a tweet from your application it is much simpler:
Twitter.configure do |config| config.consumer_key = configatron.ctoken config.consumer_secret = configatron.csecret config.oauth_token = configatron.atoken config.oauth_token_secret = configatron.asecret end client = Twitter::Client.new client.update('Another test post')