Advanced Setup

Notify Twitter Kit of openURL


Be sure to correctly add URL Scheme in Info.plist by following last section of installation document.

When your user completes authorization, the Twitter API will pass a verification token back to your app using the twitterkit-<consumerKey> URL scheme. To complete the process and create a user session, Twitter Kit needs to handle this URL from your App Delegate:

- (BOOL)application:(UIApplication *)app openURL:(NSURL *)url options:(NSDictionary<NSString *,id> *)options
    if ([[Twitter sharedInstance] application:app openURL:url options:options]) {
        return YES;

    // If you handle other (non Twitter Kit) URLs elsewhere in your app, return YES. Otherwise
    return NO;
func application(app: UIApplication, openURL url: NSURL, options: [String : AnyObject]) -> Bool {
    if Twitter.sharedInstance().application(app, openURL:url, options: options) {
        return true

    // If you handle other (non Twitter Kit) URLs elsewhere in your app, return true. Otherwise
    return false

Use OAuth Echo

OAuth Echo is a means to securely delegate OAuth authorization with a third party while interacting with an API.

For example, you may wish to verify a user’s credentials from your app’s server (the third party) rather than your app.

Instantiate TWTRCoreOAuthSigning

The TWTRCoreOAuthSigning protocol provides a convenient way to generate authorization headers for a user session. In TwitterKit, the TWTROAuthSigning class conforms to this protocol. It relies on the application auth config as well as a Twitter user session.

The TWTRAuthConfig object encapsulates the credentials to identify your Twitter application. You can get this object from the Twitter class (see code examples below)

A TWTRAuthSession object represents the user credentials of a Twitter user session. The TWTRSession class conforms to this protocol.

With a Twitter session:

// Objective-C
// Instantiates TWTROAuthSigning
TWTROAuthSigning *oauthSigning = [[TWTROAuthSigning alloc] initWithAuthConfig:[Twitter sharedInstance].authConfig authSession:[Twitter sharedInstance].session];
// Swift
// Instantiates TWTROAuthSigning
let twitter = Twitter.sharedInstance()
let oauthSigning = TWTROAuthSigning(authConfig:twitter.authConfig, authSession:twitter.session())

Create OAuth Echo Signing Headers

The easiest way to use OAuth Echo is by generating the authorization headers in the client. Use these headers to make a request to verify_credentials from outside the app.

// Objective-C
NSDictionary *authHeaders = [oauthSigning OAuthEchoHeadersToVerifyCredentials];
// Swift
let authHeaders = oauthSigning.OAuthEchoHeadersToVerifyCredentials()

The authHeaders dictionary contains the X-Auth-Service-Provider (defined in the TWTROAuthEchoRequestURLStringKey constant) and X-Verify-Credentials-Authorization (defined in the TWTROAuthEchoAuthorizationHeaderKey constant) keys. Your backend should take the OAuth signature in X-Verify-Credentials-Authorization, and use it to set the Authorization header for a request to the URL in X-Auth-Service-Provider.

// Objective-C
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@""]];
request.allHTTPHeaderFields = authHeaders;
// Swift
let request = NSMutableURLRequest(URL: NSURL(string: ""))
request.allHTTPHeaderFields = authHeaders