Sinitter is a [sinatra](http://github.com/bmizerany/sinatra/tree/master) application to demonstrate the integration of Twitter OAuth via the [twitter_oauth](http://github.com/moomerman/twitter_oauth/tree/master) gem.
You can see sinitter running at [http://sinitter.moocode.com/](http://sinitter.moocode.com/).
To run the application locally you’ll need to [create a Twitter OAuth Application](http://twitter.com/oauth_clients/new).
Once your application is setup you will have a consumer key and consumer secret. Create config.yml in the root of sinitter eg.
consumer_key: YOUR-CONSUMER-KEY
consumer_secret: YOUR-CONSUMER-SECRET
Grab the twitter_oauth gem:
gem sources -a http://gems.github.com
sudo gem install moomerman-twitter_oauth
Run:
./sinitter.rb
The application should now be available at http://localhost:4567/
Firstly you need an instance of the Twitter OAuth API client with your credentials.
@client = TwitterOAuth::Client.new(
:consumer_key => @@config['consumer_key'],
:consumer_secret => @@config['consumer_secret'],
)
This client handles all the communication and authentication with Twitter. The next stage is to prompt the user to click something on your site that initiates the authorization procedure – imagine this is a link to /connect
on your site, this is what the code might look like
get '/connect' do
request_token = @client.request_token
session[:request_token] = request_token.token
session[:request_token_secret] = request_token.secret
redirect request_token.authorize_url
end
We have just created a new request token and stored the details of the token in the session for when the user is returned to your site by Twitter. Then we have redirected to the authorize_url that will take the user to the Twitter site.
When you configure your application details on Twitter you have to specify a callback URL. In this example let us assume it is /auth
get '/auth' do
# Exchange the request token for an access token.
@access_token = @client.authorize(
session[:request_token],
session[:request_token_secret]
)
if @client.authorized?
# Storing the access tokens so we don't have to go back to Twitter again
# in this session. In a larger app you would probably persist these details somewhere.
session[:access_token] = @access_token.token
session[:secret_token] = @access_token.secret
session[:user] = true
redirect '/home'
else
redirect '/login'
end
end
Here we have retrieved the request token details from the session and asked Twitter to confirm the authorization, if this has all gone according to plan you will now have an access token for this user. The access token never expires (unless the user removes your aplication from their settings page) so you can use that in the future without having to do the authorization process again.
To start making authorized requests we can now create an instance of the API client with this users access token
@client = TwitterOAuth::Client.new(
:consumer_key => @@config['consumer_key'],
:consumer_secret => @@config['consumer_secret'],
:token => session[:access_token],
:secret => session[:secret_token]
)
Now we’re ready to call the API on behalf of this user. Here is an example action that updates the users status on twitter
post '/update' do
@client.update(params[:update])
redirect '/'
end
That’s it!