Sample code for 30+ languages & platforms
Go

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat Go Downloads

Go
    success := false

    consumerKey := "TWITTER_CONSUMER_KEY"
    consumerSecret := "TWITTER_CONSUMER_SECRET"

    requestTokenUrl := "https://api.twitter.com/oauth/request_token"
    authorizeUrl := "https://api.twitter.com/oauth/authorize"
    accessTokenUrl := "https://api.twitter.com/oauth/access_token"

    // The port number is picked at random. It's some unused port that won't likely conflict with anything else..
    callbackUrl := "http://localhost:3017/"
    callbackLocalPort := 3017

    // The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
    http := chilkat.NewHttp()

    http.SetOAuth1(true)
    http.SetOAuthConsumerKey(consumerKey)
    http.SetOAuthConsumerSecret(consumerSecret)

    req := chilkat.NewHttpRequest()
    req.AddParam("oauth_callback",callbackUrl)

    req.SetHttpVerb("POST")
    req.SetContentType("application/x-www-form-urlencoded")

    resp := chilkat.NewHttpResponse()
    success = http.HttpReq(requestTokenUrl,req,resp)
    if success == false {
        fmt.Println(http.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        return
    }

    // If successful, the resp.BodyStr contains something like this:  
    // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
    fmt.Println(resp.BodyStr())

    if resp.StatusCode() != 200 {
        fmt.Println("Failed response status code: ", resp.StatusCode())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        return
    }

    hashTab := chilkat.NewHashtable()
    hashTab.AddQueryParams(resp.BodyStr())

    requestToken := hashTab.LookupStr("oauth_token")
    requestTokenSecret := hashTab.LookupStr("oauth_token_secret")
    http.SetOAuthTokenSecret(*requestTokenSecret)

    fmt.Println("oauth_token = ", *requestToken)
    fmt.Println("oauth_token_secret = ", *requestTokenSecret)

    // ---------------------------------------------------------------------------
    // The next step is to form a URL to send to the authorizeUrl
    // This is an HTTP GET that we load into a popup browser.
    sbUrlForBrowser := chilkat.NewStringBuilder()
    sbUrlForBrowser.Append(authorizeUrl)
    sbUrlForBrowser.Append("?oauth_token=")
    sbUrlForBrowser.Append(*requestToken)
    url := sbUrlForBrowser.GetAsString()

    // Launch the system's default browser navigated to the URL.
    oauth2 := chilkat.NewOAuth2()
    success = oauth2.LaunchBrowser(*url)
    if success == false {
        fmt.Println(oauth2.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        return
    }

    // When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
    // We'll need to start a socket that is listening on port 3017 for the callback from the browser.
    listenSock := chilkat.NewSocket()

    backLog := 5
    success = listenSock.BindAndListen(callbackLocalPort,backLog)
    if success == false {
        fmt.Println(listenSock.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        listenSock.DisposeSocket()
        return
    }

    // Wait for the browser's connection in a background thread.
    // (We'll send load the URL into the browser following this..)
    // Wait a max of 60 seconds before giving up.
    sock := chilkat.NewSocket()
    maxWaitMs := 60000
    c := make(chan *chilkat.Task)
    go listenSock.AcceptNextAsync(maxWaitMs,sock,c)
    task := <-c

    // Wait for the listenSock's task to complete.
    success = task.Wait(maxWaitMs)
    if !success || (task.StatusInt() != 7) || (task.TaskSuccess() != true) {
        if !success {
            // The task.LastErrorText applies to the Wait method call.
            fmt.Println(task.LastErrorText())
        } else {
            // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
            fmt.Println(task.Status())
            fmt.Println(task.ResultErrorText())
        }

        task.DisposeTask()
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        return
    }

    // If we get to this point, the connection from the browser arrived and was accepted.

    // We no longer need the listen socket...
    // Stop listening on port 3017.
    listenSock.Close(10)

    task.DisposeTask()

    // Read the start line of the request..
    startLine := sock.ReceiveUntilMatch("\r\n")
    if sock.LastMethodSuccess() == false {
        fmt.Println(sock.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        return
    }

    // Read the request header.
    requestHeader := sock.ReceiveUntilMatch("\r\n\r\n")
    if sock.LastMethodSuccess() == false {
        fmt.Println(sock.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        return
    }

    // The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
    // Once the request header is received, we have all of it.
    // We can now send our HTTP response.
    sbResponseHtml := chilkat.NewStringBuilder()
    sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>")

    sbResponse := chilkat.NewStringBuilder()
    sbResponse.Append("HTTP/1.1 200 OK\r\n")
    sbResponse.Append("Content-Length: ")
    sbResponse.AppendInt(sbResponseHtml.Length())
    sbResponse.Append("\r\n")
    sbResponse.Append("Content-Type: text/html\r\n")
    sbResponse.Append("\r\n")
    sbResponse.AppendSb(sbResponseHtml)

    sock.SendString(*sbResponse.GetAsString())
    sock.Close(50)

    // The information we need is in the startLine.
    // For example, the startLine will look like this:
    //  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
    sbStartLine := chilkat.NewStringBuilder()
    sbStartLine.Append(*startLine)
    numReplacements := sbStartLine.Replace("GET /?","")
    numReplacements = sbStartLine.Replace(" HTTP/1.1","")
    sbStartLine.Trim()

    // oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
    fmt.Println("startline: ", *sbStartLine.GetAsString())

    hashTab.Clear()
    hashTab.AddQueryParams(*sbStartLine.GetAsString())

    requestToken = hashTab.LookupStr("oauth_token")
    authVerifier := hashTab.LookupStr("oauth_verifier")

    // ------------------------------------------------------------------------------
    // Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

    http.SetOAuthToken(*requestToken)
    http.SetOAuthVerifier(*authVerifier)

    // We don't need the "Authorization: OAuth ..." header for this POST.
    http.SetOAuth1(false)
    req.RemoveParam("oauth_callback")
    req.AddParam("oauth_verifier",*authVerifier)
    req.AddParam("oauth_token",*requestToken)

    req.SetHttpVerb("POST")
    req.SetContentType("application/x-www-form-urlencoded")

    success = http.HttpReq(accessTokenUrl,req,resp)
    if success == false {
        fmt.Println(http.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        sbResponseHtml.DisposeStringBuilder()
        sbResponse.DisposeStringBuilder()
        sbStartLine.DisposeStringBuilder()
        return
    }

    // Make sure a successful response was received.
    if resp.StatusCode() != 200 {
        fmt.Println(resp.StatusLine())
        fmt.Println(resp.Header())
        fmt.Println(resp.BodyStr())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        oauth2.DisposeOAuth2()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        sbResponseHtml.DisposeStringBuilder()
        sbResponse.DisposeStringBuilder()
        sbStartLine.DisposeStringBuilder()
        return
    }

    // If successful, the resp.BodyStr contains something like this:
    // oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
    fmt.Println(resp.BodyStr())

    hashTab.Clear()
    hashTab.AddQueryParams(resp.BodyStr())

    accessToken := hashTab.LookupStr("oauth_token")
    accessTokenSecret := hashTab.LookupStr("oauth_token_secret")
    userId := hashTab.LookupStr("user_id")
    screenName := hashTab.LookupStr("screen_name")

    // The access token + secret is what should be saved and used for
    // subsequent REST API calls.
    fmt.Println("Access Token = ", *accessToken)
    fmt.Println("Access Token Secret = ", *accessTokenSecret)
    fmt.Println("user_id = ", *userId)
    fmt.Println("screen_name  = ", *screenName)

    // Save this access token for future calls.
    // Just in case we need user_id and screen_name, save those also..
    json := chilkat.NewJsonObject()
    json.AppendString("oauth_token",*accessToken)
    json.AppendString("oauth_token_secret",*accessTokenSecret)
    json.AppendString("user_id",*userId)
    json.AppendString("screen_name",*screenName)

    fac := chilkat.NewFileAccess()
    fac.WriteEntireTextFile("qa_data/tokens/twitter.json",*json.Emit(),"utf-8",false)

    fmt.Println("Success.")

    http.DisposeHttp()
    req.DisposeHttpRequest()
    resp.DisposeHttpResponse()
    hashTab.DisposeHashtable()
    sbUrlForBrowser.DisposeStringBuilder()
    oauth2.DisposeOAuth2()
    listenSock.DisposeSocket()
    sock.DisposeSocket()
    task.DisposeTask()
    sbResponseHtml.DisposeStringBuilder()
    sbResponse.DisposeStringBuilder()
    sbStartLine.DisposeStringBuilder()
    json.DisposeJsonObject()
    fac.DisposeFileAccess()