Twitter, OAuth, and Ruby on Rails integrated cookbook-style in the console (updated for Twitter 1.0)

Update March 17, 2011: This is a rewrite of my October post of the same name, modified for the changes that were made in the Twitter gem from 1.0 onward. John Nunemaker removed native oauth capability from the gem at 1.0, necessitating a rewrite of my instructions below.

As of August 31, 2010, Twitter officially deprecated HTTP Auth from the Twitter API in favor of OAuth. OAuth has a number of benefits as far as user authorization is concerned, but it is a tad complicated for the developer, especially if you simply want your application to interact with Twitter. So even if you aren’t concerned at all with authorizing your application’s users — for example, if you want your application to post tweet updates to its own account — OAuth is your only choice at this point. Here is a quick and dirty, cookbook-style recipe to get your Ruby on Rails application to interact with Twitter.

If you haven’t already, create the Twitter account that your Rails app will use. Verify the account, et cetera, and sign in to the Twitter web interface.

Navigate to and click “Register an app.” Complete the form, choosing “client” as the application type, and “Read & Write” as the access type. After saving your application, view the app’s settings screen and note the “consumer key” (also known as the consumer token) and “consumer secret” data fields — you’ll use those two items in a moment.

Add the Twitter gem dependency to your Rails application. In Rails 3 add the following line to your Gemfile:

gem 'oauth'
gem 'twitter'

…and then type “bundle install” at the command line to install the gem.

Now let’s go into the Rails console by typing “rails c”. You need to jump through some one-time hoops in order to get the final tokens necessary to repeatedly authenticate your application to Twitter.

First, set up the Consumer Tokens that came from your Application Settings screen in Twitter:

> ctoken = 'your_consumer_token'
  => "your_consumer_token"
> csecret = 'your_consumer_secret'
  => "your_consumer_secret"

OAuth is a multi-stage auth mechanism. In stage one we transition from Consumer Tokens to Request Tokens:

> oa =, csecret, :site => '', :request_endpoint => '', :sign_in => true)
  => #<OAuth::Consumer:blah blah>
> rt = oa.get_request_token
> rsecret = rt.secret
 => "your_request_secret"
> rtoken = rt.token
 => "your_request_token"

Next is a one-time step. Edit the following URL to reflect your own request token string from above, paste into your web browser, click “Allow access” when prompted. You can ignore the 7-digit PIN that results; you won’t need it.

Now back to OAuth. In stage two we use the Request Tokens to get Access Tokens:

> at = rt.get_access_token
> asecret = at.secret
> atoken = at.token

Twitter is apparently not expiring Access Tokens. They and the Consumer Tokens are the pieces of this whole tutorial that actually matter. You should save these in a configuration file or in your application to use over and over.

Here in stage three we (finally!) authenticate to Twitter using Access Tokens:

Twitter.configure do |config|
  config.consumer_key       = ctoken
  config.consumer_secret    = csecret
  config.oauth_token        = atoken
  config.oauth_token_secret = asecret

To test whether authentication worked, let’s set up a Twitter client and post something to our Twitter account:

> client =
> client.update('Test post from the console')

Back in your browser, note your Twitter timeline and confirm that the test post made it through properly.

Again, those were mostly one-time steps, provided you saved your Consumer Tokens and your Access Tokens. The next time you want to post a tweet from your application it is much simpler:

Twitter.configure do |config|
  config.consumer_key       = configatron.ctoken
  config.consumer_secret    = configatron.csecret
  config.oauth_token        = configatron.atoken
  config.oauth_token_secret = configatron.asecret
client =
client.update('Another test post')

8 thoughts on “Twitter, OAuth, and Ruby on Rails integrated cookbook-style in the console (updated for Twitter 1.0)

  1. Great post, thanks! I’m sure anybody reading this would do this anyway, but it’s maybe worth mentioning that one should put the Twitter.configure block into a file in config/initializers then restart the console to save having to paste it in there.

  2. I get an oauth_token that contains my user id and another token (user_id-oauth_token). Is this normal?

    Then I try to tweet from my application but i receive this message:

    POST 401: Invalid / expired Token

    I have checked all the tokens twice and i get the same oauth_token and oauth_token_secret

    Any suggestion? please!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s