Advanced Setup

Use OAuth Echo

OAuth Echo is a means to securely delegate OAuth authorization with a third party while interacting with an API.

For example, you may wish to verify a user’s credentials from your app’s server (the third party) rather than your app.

Instantiate TWTRCoreOAuthSigning

The TWTRCoreOAuthSigning protocol provides a convenient way to generate authorization headers for a user session. In TwitterKit, the TWTROAuthSigning class conforms to this protocol. It relies on the application auth config as well as a Twitter user session.

The TWTRAuthConfig object encapsulates the credentials to identify your Twitter application. You can get this object from the Twitter class (see code examples below)

A TWTRAuthSession object represents the user credentials of a Twitter user session. The TWTRSession class conforms to this protocol.

With a Twitter session:

// Objective-C
// Instantiates TWTROAuthSigning
TWTROAuthSigning *headerSigner = [[TWTROAuthSigning alloc] initWithAuthConfig:[Twitter sharedInstance].authConfig authSession:[Twitter sharedInstance].sessionStore.session];
// Swift
// Instantiates TWTROAuthSigning
if let session = Twitter.sharedInstance().sessionStore.session() as? TWTRSession {
  let headerSigner = TWTROAuthSigning(authConfig: Twitter.sharedInstance().authConfig, authSession: session)
  // Get header parameters for request

Create OAuth Echo Signing Headers

The easiest way to use OAuth Echo is by generating the authorization headers in the client. Use these headers to make a request to verify_credentials from outside the app.

// Objective-C
NSDictionary *authHeaders = [oauthSigning OAuthEchoHeadersToVerifyCredentials];
// Swift
let authHeaders = oauthSigning.OAuthEchoHeadersToVerifyCredentials()

The authHeaders dictionary contains the x-auth-service-provider (defined in the TWTROAuthEchoRequestURLStringKey constant) and x-verify-credentials-authorization (defined in the TWTROAuthEchoAuthorizationHeaderKey constant) keys. Your backend should take the OAuth signature in x-verify-credentials-authorization, and use it to set the authorization header for a request to the URL in x-auth-service-provider.

// Objective-C
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@""]];
request.allHTTPHeaderFields = authHeaders;
// Swift
let request = NSMutableURLRequest(url: NSURL(string: ""))
request.allHTTPHeaderFields = authHeaders