Advanced Setup

Use OAuth Echo

OAuth Echo is a means to securely delegate OAuth authorization with a third party while interacting with an API.

For example, you may wish to verify a user’s credentials from your app’s server (the third party) rather than your app.

Instantiate TWTRCoreOAuthSigning

The TWTRCoreOAuthSigning protocol provides a convenient way to generate authorization headers for a user session. In TwitterKit, the TWTROAuthSigning class conforms to this protocol. It relies on the application auth config as well as a Twitter user session.

The TWTRAuthConfig object encapsulates the credentials to identify your Twitter application. You can get this object from the Twitter class (see code examples below)

A TWTRAuthSession object represents the user credentials of a Twitter user session. The TWTRSession class conforms to this protocol.

With a Twitter session:

// Objective-C
// Instantiates TWTROAuthSigning
TWTROAuthSigning *headerSigner = [[TWTROAuthSigning alloc] initWithAuthConfig:[Twitter sharedInstance].authConfig authSession:[Twitter sharedInstance].sessionStore.session];
// Swift
// Instantiates TWTROAuthSigning
if let session = Twitter.sharedInstance().sessionStore.session() as? TWTRSession {
  let headerSigner = TWTROAuthSigning(authConfig: Twitter.sharedInstance().authConfig, authSession: session)
  // Get header parameters for request
}

Create OAuth Echo Signing Headers

The easiest way to use OAuth Echo is by generating the authorization headers in the client. Use these headers to make a request to verify_credentials from outside the app.

// Objective-C
NSDictionary *authHeaders = [oauthSigning OAuthEchoHeadersToVerifyCredentials];
// Swift
let authHeaders = oauthSigning.OAuthEchoHeadersToVerifyCredentials()

The authHeaders dictionary contains the x-auth-service-provider (defined in the TWTROAuthEchoRequestURLStringKey constant) and x-verify-credentials-authorization (defined in the TWTROAuthEchoAuthorizationHeaderKey constant) keys. Your backend should take the OAuth signature in x-verify-credentials-authorization, and use it to set the authorization header for a request to the URL in x-auth-service-provider.

// Objective-C
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://api.yourbackend.com/check_credentials"]];
request.allHTTPHeaderFields = authHeaders;
// Swift
let request = NSMutableURLRequest(url: NSURL(string: "http://api.yourbackend.com/check_credentials"))
request.allHTTPHeaderFields = authHeaders