Twitter has decided to kill Basic Authentication on the Twitter API from June 30. They have setup a nice website at http://www.countdowntooauth.com/ to let you all know and help you migrate your apps to use the OAuth 🙂
OAuth is cool. It’s safe and secure for the end user. It’s convenient for the developers as well. Basic Auth entirely depends on the username and password of the user. But if you wish to carry out an in-app transaction, then you’d have to seek the services from Fully-Verified to carry out a KYC verification.
The developer can do whatever s/he wishes with the user account as long as the user doesn’t change the password. On the other hand, if the user for some reason changes his/her password, the application will no longer be able to access the account and provide the desired service. OAuth helps both parties here! When the user authenticates an app via OAuth, it provides the developer with an access token ( a key and a secret ) which is by no way related to the user’s password. It’s unique for every user and application pair. That is every user will have an unique access token only for that application. Now even if the user changes the password, the access token will remain unchanged. The developer can safely store the token and use that to access the user’s account without hassle. Similarly, if the user wants to revoke the access permitted to an application, he or she can easily do that. In that case, the access token becomes invalid and the application loses access to that account.
In the Basic Auth age, it was very easy to develop twitter bots. You just setup the username and password into a configuration file, call the REST API with the login details and you’re done! Yeah, it was quite easy. But it’s not harder now 🙂 Don’t fret, OAuth is also very simple and easy to implement for twitter bots. While you need to go through a two phase OAuth dance to authorize other users, Twitter displays the access token of the developer directly into the dashboard! Thanks to Twitter for making things so plain for developers! With your own access token, you can authorize your apps directly without any further verification.
To get the access token, first go to : http://dev.twitter.com. Login if you’re not already logged in. Use the twitter ID you want to run as a bot. Go to http://dev.twitter.com/apps by clicking the “Your Apps” on top right corner. You will see a list of applications under the logged in twitter account. One big advantage of the basic auth was that you didn’t need to create applications. But now you need! Create an application if you don’t already have one created. In most cases you won’t have one since this is probably the first time you’re using OAuth. In that situation, please create an application. Note down the Consumer Key and Consumer Secret after visiting the application page by clicking on any of the application name. Now, on the right hand navigation bar, you’ll see “My Access Token”. Please visit that section and retrieve your Access Token and Access Token Secret. That’s all we needed. Now let’s do some coding to demonstrate the use of these keys and secrets.
We first need to get a Twitter Client library. If you’re already using one, just check to make sure that it has OAuth support. The work flow is simple. First construct the client with the consumer key and consumer secret. Then set the access token key and the access token secret. Now use the client to make Twitter API calls, in our case, to update statuses!
You can get the OAuth libraries from : http://dev.twitter.com/pages/oauth_libraries . But I recommend using Tweepy with Python and Abraham’s TwitterOAuth with PHP . They are not generic OAuth clients. They were built for Twitter and you don’t need to configure any extra parameters to make it work with Twitter.
Here’s the code samples on how to use the libraries to update status via OAuth.
PHP (Abraham’s TwitterOAuth)
$consumer_key = "";
$consumer_secret = "";
$access_key = "";
$access_secret = "";
$connection = new TwitterOAuth ($consumer_key ,$consumer_secret , $access_key , $access_secret );
$connection->post('statuses/update', array('status' => "Hello Twitter OAuth!"));
consumer_key = ""
consumer_secret = ""
access_token = ""
access_token_secret = ""
auth = tweepy.OAuthHandler(consumer_key, consumer_secret)
bot = tweepy.API(auth)
bot.update_status("Hello Twitter OAuth!")