Skip to content

Posting to Twitter automatically using OAuth

Twitter recently switched off basic HTTP authentication, forcing developers to use the more complex (but hopefully safer) OAuth. There are lots of OAuth examples out there, but they all seem to focus on interactive apps, where the user is sent to Twitter to authenticate, and then the app uses the resulting access token to post on the user’s behalf.

However, for FuncNet we have a simple script running in a cron job, which posts a status message to @FuncNet every so often. This runs without any supervision, so I was left scratching my head as to how I could obtain the access token and access token secret required to post. The app registration page at http://twitter.com/oauth_clients/details/NNNNNN for each app only shows its consumer key and consumer secret which are something different.

Eventually, thanks to Net::Twitter developer Marc Mims on this thread, I discovered that there’s a whole separate page for each app at http://dev.twitter.com/apps/NNNNNN/my_token which has the access token and access token secret required for the app to post to its own account.

N.B. In the URLs above, NNNNNN corresponds to the numeric ID for your application. If you don’t know what this is, just go to http://dev.twitter.com/apps, click on the app name to get the consumer strings, and then click on My Access Token to get the access strings.

Once you have these, you can post like this (thanks again to Marc for example):

    use Net::Twitter;
 
    my $nt = Net::Twitter->new(
        traits => [qw/OAuth API::REST/],
        consumer_key        => $YOUR_CONSUMER_KEY,
        consumer_secret     => $YOUR_CONSUMER_SECRET,
        access_token        => $YOUR_ACCESS_TOKEN,
        access_token_secret => $YOUR_ACCESS_SECRET,
    );
 
    $nt->update("Bob's your uncle!");

Why you need 4 distinct incomprehensible strings in order to post a single tweet, I don’t know, but presumably it’s justified on security grounds. What isn’t justified is Twitter hiding two of them somewhere else entirely, and not linking to that place from the main OAuth page for the app.

Not useful, guys.

UPDATE: It seems there are bigger problems with Twitter’s new process. This detailed ArsTechnica article describes OAuth 1.0a as “an inelegant hack” and Twitter’s implementation of it as being “against all reason”.

If you’re having trouble with it, you’re not alone; it seems almost designed to cause problems for app developers, and particularly open-source app developers. The article’s well worth a read.

Share/save this page:
  • email
  • Google Bookmarks
  • Twitter
  • FriendFeed
  • del.icio.us
  • Digg
  • Reddit
  • StumbleUpon
  • Technorati
  • DZone
  • Slashdot
  • Fark
  • Facebook
  • MySpace
  • LinkedIn
  • Live
  • connotea