Multi-user Twitter Applications

From charlesreid1

We're going to assume you're setting up a Twitterbot to use a Twitterbot app (as described at the Twitterbots page), and that you're going to use The Hard Way to enable authorization between your Twitterbot and your app. This will enable you to authorize an arbitrary number of users with a single app.

If you go with The Hard Way, the Twitter account you use to create the app should be your primary Twitter account, or an app that is exclusively for deploying the app. (Side note: while Twitter will normally delete inactive accounts, i.e., accounts that have no tweets, if an account owns an app and has never tweeted, Twitter will still consider this an active account, and will not delete it.)

Assuming you've created your app, you now need to modify it to enable it to authorize Twitter users other than the Twitter user who created the app. I'm following this article https://dev.twitter.com/docs/auth/pin-based-authorization for PIN-based authentication.

Process Breakdown

Normal Sign-In/Authorization

A normal sign-in or user authorization procedure follows these basic steps:

First, we send a POST request to Twitter servers containing a request for OAuth tokens.

Next, Twitter's servers respond to the GET request with a public and private OAuth token.

Now, the user has a public OAuth token, and the app can redirect the user anywhere it wants, and as long as that public OAuth token is included in the URL, the user is effectively signed in with Twitter.

Users can either be redirected to api.twitter.com/oauth/authenticate?oauth_token=[OAuth Token Returned By Twitter Goes Here], or alternatively, to an arbitrary URL like mysite.com/stuff?oauth_token=[...].

This public OAuth token allows third parties to authorize users via Twitter, without handling their usernames and passwords directly.

Implementation

Using either Python or PHP...

Probably PHP, because I haven't dealt with POST and GET in Python yet and this is a bit of a one-shot thing.

Here's a simple script to send a POST message with PHP, via http://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php: 

<?php
$url = 'http://server.com/path';
$data = array('key1' => 'value1', 'key2' => 'value2');

// use key 'http' even if you send the request to https://...
$options = array(
    'http' => array(
        'header'  => "Content-type: text/html; charset=utf-8\r\n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);

var_dump($result);
?>

Now here's that same script, but modified for a Twitter sign-in request: 

<?php
$url = 'https://api.twitter.com/oauth/request_token';
$data = array('oauth_callback' => 'oob'); // value is set to "oob" following https://dev.twitter.com/docs/auth/pin-based-authorization

// use key 'http' even if you send the request to https://...
$options = array(
    'http' => array(
        'header'  => "Content-type: text/html; charset=utf-8\r\n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);

var_dump($result);
?>


Flags

Retrieved from "https://charlesreid1.com/w/index.php?title=Multi-user_Twitter_Applications&oldid=24614"