Single-user OAuth with Examples

Please note: Most developers will find working with Application-only authentication a superior approach than what is documented below. However, application-only authentication does not enable user actions such as posting Tweets or accessing Direct Messages, so this single access token may still be valid.

Twitter offers the ability for you to retrieve a single access token (complete with oauth_token_secret) from application detail pages found on dev.twitter.com.

This is ideal for applications with single-user use cases. You shouldn’t ever share the combination of your OAuth consumer key, secret, access token, and access token secret.

By using a single access token, you don’t need to implement the entire OAuth token acquisition dance. Instead, you can pick up from the point where you are working with an access token to make signed requests for Twitter resources.

Here are some tips with a few different OAuth libraries on how to get started using OAuth directly with an access token.

It’s still very helpful for you to read all about OAuth. These tips also generally apply for all contexts of using OAuth with access tokens, not just the “single user” use case.

Using the C#-based twitterizer Library

This tip is courtesy of Ricky Smith, author of twitterizer, a library for interfacing with the Twitter API that handles much of the OAuth implementation behind the scenes.

OAuthTokens tokens = new OAuthTokens();

tokens.ConsumerKey = "Consumer Key";
tokens.ConsumerSecret = "Consumer Secret";
tokens.AccessToken = "Access Key";
tokens.AccessTokenSecret = "Access Secret";

TwitterStatusCollection homeTimeline = TwitterStatus.GetHomeTimeline(tokens);

Using Twitter API ME by Ernandes Jr.

Twitter API ME is a Java library for interacting with Twitter using OAuth.

Token = new Token("token_access", "token_secret");
Credential c = new Credential("user_name", "consumer_key", "consumer_secret", token);
UserAccountManager m = UserAccountManager.getInstance(c);

if (m.verifyCredential()) {
  GeoLocation loc = new GeoLocation("+37.5", "+26.7");
  Tweet t = new Tweet("Cool! Geo-located tweet via Twitter API ME. \o/", loc);
  TweetER ter = TweetER.getInstance(m);
  t = ter.post(t);
}

Using @abraham’s PHP twitteroauth Library

Since this is a Twitter library and not just an OAuth library, there are many conveniences afforded to you with twitteroauth. You just need to setup the “connection actor” which makes the requests on the access token’s behalf.

function getConnectionWithAccessToken($oauth_token, $oauth_token_secret) {
  $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $oauth_token, $oauth_token_secret);
  return $connection;
}

$connection = getConnectionWithAccessToken("abcdefg", "hijklmnop");
$content = $connection->

get("statuses/home_timeline");

Using Python-OAuth2 library

The Python OAuth2 library handles the heavy lifting of signing requests for you and is an assembly of many peoples work. The readme gives some more examples of ways to interface with the Twitter API.

def oauth_req(url, key, secret, http_method="GET", post_body=””, http_headers=None):
    consumer = oauth2.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET)
    token = oauth2.Token(key=key, secret=secret)
    client = oauth2.Client(consumer, token)
    resp, content = client.request( url, method=http_method, body=post_body, headers=http_headers )
    return content

home_timeline = oauth_req( 'https://api.twitter.com/1.1/statuses/home_timeline.json', 'abcdefg', 'hijklmnop' )

Using the OAuth Ruby Gem

Starting with an access token is really easy with the OAuth Ruby gem.

# Exchange your oauth_token and oauth_token_secret for an AccessToken instance.
def prepare_access_token(oauth_token, oauth_token_secret)
    consumer = OAuth::Consumer.new("APIKey", "APISecret", { :site => "https://api.twitter.com", :scheme => :header })

    # now create the access token object from passed values
    token_hash = { :oauth_token => oauth_token, :oauth_token_secret => oauth_token_secret }
    access_token = OAuth::AccessToken.from_hash(consumer, token_hash )

    return access_token
end

# Exchange our oauth_token and oauth_token secret for the AccessToken instance.
access_token = prepare_access_token("abcdefg", "hijklmnop")

# use the access token as an agent to get the home timeline
response = access_token.request(:get, "https://api.twitter.com/1.1/statuses/home_timeline.json")