Sample code for 30+ languages & platforms
AutoIt

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

Local $sConsumerKey = "TWITTER_CONSUMER_KEY"
Local $sConsumerSecret = "TWITTER_CONSUMER_SECRET"

Local $sRequestTokenUrl = "https://api.twitter.com/oauth/request_token"
Local $sAuthorizeUrl = "https://api.twitter.com/oauth/authorize"
Local $sAccessTokenUrl = "https://api.twitter.com/oauth/access_token"

; The port number is picked at random. It's some unused port that won't likely conflict with anything else..
Local $sCallbackUrl = "http://localhost:3017/"
Local $iCallbackLocalPort = 3017

; The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
$oHttp = ObjCreate("Chilkat.Http")

$oHttp.OAuth1 = True
$oHttp.OAuthConsumerKey = $sConsumerKey
$oHttp.OAuthConsumerSecret = $sConsumerSecret

$oReq = ObjCreate("Chilkat.HttpRequest")
$oReq.AddParam "oauth_callback",$sCallbackUrl

$oReq.HttpVerb = "POST"
$oReq.ContentType = "application/x-www-form-urlencoded"

$oResp = ObjCreate("Chilkat.HttpResponse")
$bSuccess = $oHttp.HttpReq($sRequestTokenUrl,$oReq,$oResp)
If ($bSuccess = False) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit
EndIf

; If successful, the resp.BodyStr contains something like this:  
; oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
ConsoleWrite($oResp.BodyStr & @CRLF)

If ($oResp.StatusCode <> 200) Then
    ConsoleWrite("Failed response status code: " & $oResp.StatusCode & @CRLF)
    Exit
EndIf

$oHashTab = ObjCreate("Chilkat.Hashtable")
$oHashTab.AddQueryParams($oResp.BodyStr)

Local $sRequestToken = $oHashTab.LookupStr("oauth_token")
Local $sRequestTokenSecret = $oHashTab.LookupStr("oauth_token_secret")
$oHttp.OAuthTokenSecret = $sRequestTokenSecret

ConsoleWrite("oauth_token = " & $sRequestToken & @CRLF)
ConsoleWrite("oauth_token_secret = " & $sRequestTokenSecret & @CRLF)

; ---------------------------------------------------------------------------
; The next step is to form a URL to send to the authorizeUrl
; This is an HTTP GET that we load into a popup browser.
$oSbUrlForBrowser = ObjCreate("Chilkat.StringBuilder")
$oSbUrlForBrowser.Append($sAuthorizeUrl)
$oSbUrlForBrowser.Append("?oauth_token=")
$oSbUrlForBrowser.Append($sRequestToken)
Local $sUrl = $oSbUrlForBrowser.GetAsString()

; Launch the system's default browser navigated to the URL.
$oOauth2 = ObjCreate("Chilkat.OAuth2")
$bSuccess = $oOauth2.LaunchBrowser($sUrl)
If ($bSuccess = False) Then
    ConsoleWrite($oOauth2.LastErrorText & @CRLF)
    Exit
EndIf

; When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
; We'll need to start a socket that is listening on port 3017 for the callback from the browser.
$oListenSock = ObjCreate("Chilkat.Socket")

Local $iBackLog = 5
$bSuccess = $oListenSock.BindAndListen($iCallbackLocalPort,$iBackLog)
If ($bSuccess = False) Then
    ConsoleWrite($oListenSock.LastErrorText & @CRLF)
    Exit
EndIf

; Wait for the browser's connection in a background thread.
; (We'll send load the URL into the browser following this..)
; Wait a max of 60 seconds before giving up.
$oSock = ObjCreate("Chilkat.Socket")
Local $iMaxWaitMs = 60000
Local $oTask = $oListenSock.AcceptNextAsync($iMaxWaitMs,$oSock)
$oTask.Run()

; Wait for the listenSock's task to complete.
$bSuccess = $oTask.Wait($iMaxWaitMs)
If (Not $bSuccess Or ($oTask.StatusInt <> 7) Or ($oTask.TaskSuccess <> True)) Then
    If (Not $bSuccess) Then
        ; The task.LastErrorText applies to the Wait method call.
        ConsoleWrite($oTask.LastErrorText & @CRLF)
    Else
        ; The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        ConsoleWrite($oTask.Status & @CRLF)
        ConsoleWrite($oTask.ResultErrorText & @CRLF)
    EndIf

    Exit
EndIf

; If we get to this point, the connection from the browser arrived and was accepted.

; We no longer need the listen socket...
; Stop listening on port 3017.
$oListenSock.Close(10)

; Read the start line of the request..
Local $startLine = $oSock.ReceiveUntilMatch(@CRLF)
If ($oSock.LastMethodSuccess = False) Then
    ConsoleWrite($oSock.LastErrorText & @CRLF)
    Exit
EndIf

; Read the request header.
Local $sRequestHeader = $oSock.ReceiveUntilMatch(@CRLF & @CRLF)
If ($oSock.LastMethodSuccess = False) Then
    ConsoleWrite($oSock.LastErrorText & @CRLF)
    Exit
EndIf

; The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
; Once the request header is received, we have all of it.
; We can now send our HTTP response.
$oSbResponseHtml = ObjCreate("Chilkat.StringBuilder")
$oSbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>")

$oSbResponse = ObjCreate("Chilkat.StringBuilder")
$oSbResponse.Append("HTTP/1.1 200 OK" & @CRLF)
$oSbResponse.Append("Content-Length: ")
$oSbResponse.AppendInt($oSbResponseHtml.Length)
$oSbResponse.Append(@CRLF)
$oSbResponse.Append("Content-Type: text/html" & @CRLF)
$oSbResponse.Append(@CRLF)
$oSbResponse.AppendSb($oSbResponseHtml)

$oSock.SendString($oSbResponse.GetAsString())
$oSock.Close(50)

; The information we need is in the startLine.
; For example, the startLine will look like this:
;  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
$oSbStartLine = ObjCreate("Chilkat.StringBuilder")
$oSbStartLine.Append($startLine)
Local $iNumReplacements = $oSbStartLine.Replace("GET /?","")
$iNumReplacements = $oSbStartLine.Replace(" HTTP/1.1","")
$oSbStartLine.Trim()

; oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
ConsoleWrite("startline: " & $oSbStartLine.GetAsString() & @CRLF)

$oHashTab.Clear 
$oHashTab.AddQueryParams($oSbStartLine.GetAsString())

$sRequestToken = $oHashTab.LookupStr("oauth_token")
Local $sAuthVerifier = $oHashTab.LookupStr("oauth_verifier")

; ------------------------------------------------------------------------------
; Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

$oHttp.OAuthToken = $sRequestToken
$oHttp.OAuthVerifier = $sAuthVerifier

; We don't need the "Authorization: OAuth ..." header for this POST.
$oHttp.OAuth1 = False
$oReq.RemoveParam "oauth_callback"
$oReq.AddParam "oauth_verifier",$sAuthVerifier
$oReq.AddParam "oauth_token",$sRequestToken

$oReq.HttpVerb = "POST"
$oReq.ContentType = "application/x-www-form-urlencoded"

$bSuccess = $oHttp.HttpReq($sAccessTokenUrl,$oReq,$oResp)
If ($bSuccess = False) Then
    ConsoleWrite($oHttp.LastErrorText & @CRLF)
    Exit
EndIf

; Make sure a successful response was received.
If ($oResp.StatusCode <> 200) Then
    ConsoleWrite($oResp.StatusLine & @CRLF)
    ConsoleWrite($oResp.Header & @CRLF)
    ConsoleWrite($oResp.BodyStr & @CRLF)
    Exit
EndIf

; If successful, the resp.BodyStr contains something like this:
; oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
ConsoleWrite($oResp.BodyStr & @CRLF)

$oHashTab.Clear 
$oHashTab.AddQueryParams($oResp.BodyStr)

Local $sAccessToken = $oHashTab.LookupStr("oauth_token")
Local $sAccessTokenSecret = $oHashTab.LookupStr("oauth_token_secret")
Local $sUserId = $oHashTab.LookupStr("user_id")
Local $screenName = $oHashTab.LookupStr("screen_name")

; The access token + secret is what should be saved and used for
; subsequent REST API calls.
ConsoleWrite("Access Token = " & $sAccessToken & @CRLF)
ConsoleWrite("Access Token Secret = " & $sAccessTokenSecret & @CRLF)
ConsoleWrite("user_id = " & $sUserId & @CRLF)
ConsoleWrite("screen_name  = " & $screenName & @CRLF)

; Save this access token for future calls.
; Just in case we need user_id and screen_name, save those also..
$oJson = ObjCreate("Chilkat.JsonObject")
$oJson.AppendString("oauth_token",$sAccessToken)
$oJson.AppendString("oauth_token_secret",$sAccessTokenSecret)
$oJson.AppendString("user_id",$sUserId)
$oJson.AppendString("screen_name",$screenName)

$oFac = ObjCreate("Chilkat.FileAccess")
$oFac.WriteEntireTextFile("qa_data/tokens/twitter.json",$oJson.Emit(),"utf-8",False)

ConsoleWrite("Success." & @CRLF)