Sample code for 30+ languages & platforms
Ruby

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat Ruby Downloads

Ruby
require 'chilkat'

success = false

consumerKey = "TWITTER_CONSUMER_KEY"
consumerSecret = "TWITTER_CONSUMER_SECRET"

requestTokenUrl = "https://api.twitter.com/oauth/request_token"
authorizeUrl = "https://api.twitter.com/oauth/authorize"
accessTokenUrl = "https://api.twitter.com/oauth/access_token"

# The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl = "http://localhost:3017/"
callbackLocalPort = 3017

# The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http = Chilkat::CkHttp.new()

http.put_OAuth1(true)
http.put_OAuthConsumerKey(consumerKey)
http.put_OAuthConsumerSecret(consumerSecret)

req = Chilkat::CkHttpRequest.new()
req.AddParam("oauth_callback",callbackUrl)

req.put_HttpVerb("POST")
req.put_ContentType("application/x-www-form-urlencoded")

resp = Chilkat::CkHttpResponse.new()
success = http.HttpReq(requestTokenUrl,req,resp)
if (success == false)
    print http.lastErrorText() + "\n";
    exit
end

# If successful, the resp.BodyStr contains something like this:  
# oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
print resp.bodyStr() + "\n";

if (resp.get_StatusCode() != 200)
    print "Failed response status code: " + resp.get_StatusCode().to_s() + "\n";
    exit
end

hashTab = Chilkat::CkHashtable.new()
hashTab.AddQueryParams(resp.bodyStr())

requestToken = hashTab.lookupStr("oauth_token")
requestTokenSecret = hashTab.lookupStr("oauth_token_secret")
http.put_OAuthTokenSecret(requestTokenSecret)

print "oauth_token = " + requestToken + "\n";
print "oauth_token_secret = " + requestTokenSecret + "\n";

# ---------------------------------------------------------------------------
# The next step is to form a URL to send to the authorizeUrl
# This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser = Chilkat::CkStringBuilder.new()
sbUrlForBrowser.Append(authorizeUrl)
sbUrlForBrowser.Append("?oauth_token=")
sbUrlForBrowser.Append(requestToken)
url = sbUrlForBrowser.getAsString()

# Launch the system's default browser navigated to the URL.
oauth2 = Chilkat::CkOAuth2.new()
success = oauth2.LaunchBrowser(url)
if (success == false)
    print oauth2.lastErrorText() + "\n";
    exit
end

# When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
# We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock = Chilkat::CkSocket.new()

backLog = 5
success = listenSock.BindAndListen(callbackLocalPort,backLog)
if (success == false)
    print listenSock.lastErrorText() + "\n";
    exit
end

# Wait for the browser's connection in a background thread.
# (We'll send load the URL into the browser following this..)
# Wait a max of 60 seconds before giving up.
sock = Chilkat::CkSocket.new()
maxWaitMs = 60000
# task is a CkTask
task = listenSock.AcceptNextAsync(maxWaitMs,sock)
task.Run()

# Wait for the listenSock's task to complete.
success = task.Wait(maxWaitMs)
if (!success or (task.get_StatusInt() != 7) or (task.get_TaskSuccess() != true))
    if (!success)
        # The task.LastErrorText applies to the Wait method call.
        print task.lastErrorText() + "\n";
    else
        # The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        print task.status() + "\n";
        print task.resultErrorText() + "\n";
    end

    exit
end

# If we get to this point, the connection from the browser arrived and was accepted.

# We no longer need the listen socket...
# Stop listening on port 3017.
listenSock.Close(10)

# Read the start line of the request..
startLine = sock.receiveUntilMatch("\r\n")
if (sock.get_LastMethodSuccess() == false)
    print sock.lastErrorText() + "\n";
    exit
end

# Read the request header.
requestHeader = sock.receiveUntilMatch("\r\n\r\n")
if (sock.get_LastMethodSuccess() == false)
    print sock.lastErrorText() + "\n";
    exit
end

# The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
# Once the request header is received, we have all of it.
# We can now send our HTTP response.
sbResponseHtml = Chilkat::CkStringBuilder.new()
sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>")

sbResponse = Chilkat::CkStringBuilder.new()
sbResponse.Append("HTTP/1.1 200 OK\r\n")
sbResponse.Append("Content-Length: ")
sbResponse.AppendInt(sbResponseHtml.get_Length())
sbResponse.Append("\r\n")
sbResponse.Append("Content-Type: text/html\r\n")
sbResponse.Append("\r\n")
sbResponse.AppendSb(sbResponseHtml)

sock.SendString(sbResponse.getAsString())
sock.Close(50)

# The information we need is in the startLine.
# For example, the startLine will look like this:
#  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
sbStartLine = Chilkat::CkStringBuilder.new()
sbStartLine.Append(startLine)
numReplacements = sbStartLine.Replace("GET /?","")
numReplacements = sbStartLine.Replace(" HTTP/1.1","")
sbStartLine.Trim()

# oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
print "startline: " + sbStartLine.getAsString() + "\n";

hashTab.Clear()
hashTab.AddQueryParams(sbStartLine.getAsString())

requestToken = hashTab.lookupStr("oauth_token")
authVerifier = hashTab.lookupStr("oauth_verifier")

# ------------------------------------------------------------------------------
# Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

http.put_OAuthToken(requestToken)
http.put_OAuthVerifier(authVerifier)

# We don't need the "Authorization: OAuth ..." header for this POST.
http.put_OAuth1(false)
req.RemoveParam("oauth_callback")
req.AddParam("oauth_verifier",authVerifier)
req.AddParam("oauth_token",requestToken)

req.put_HttpVerb("POST")
req.put_ContentType("application/x-www-form-urlencoded")

success = http.HttpReq(accessTokenUrl,req,resp)
if (success == false)
    print http.lastErrorText() + "\n";
    exit
end

# Make sure a successful response was received.
if (resp.get_StatusCode() != 200)
    print resp.statusLine() + "\n";
    print resp.header() + "\n";
    print resp.bodyStr() + "\n";
    exit
end

# If successful, the resp.BodyStr contains something like this:
# oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
print resp.bodyStr() + "\n";

hashTab.Clear()
hashTab.AddQueryParams(resp.bodyStr())

accessToken = hashTab.lookupStr("oauth_token")
accessTokenSecret = hashTab.lookupStr("oauth_token_secret")
userId = hashTab.lookupStr("user_id")
screenName = hashTab.lookupStr("screen_name")

# The access token + secret is what should be saved and used for
# subsequent REST API calls.
print "Access Token = " + accessToken + "\n";
print "Access Token Secret = " + accessTokenSecret + "\n";
print "user_id = " + userId + "\n";
print "screen_name  = " + screenName + "\n";

# Save this access token for future calls.
# Just in case we need user_id and screen_name, save those also..
json = Chilkat::CkJsonObject.new()
json.AppendString("oauth_token",accessToken)
json.AppendString("oauth_token_secret",accessTokenSecret)
json.AppendString("user_id",userId)
json.AppendString("screen_name",screenName)

fac = Chilkat::CkFileAccess.new()
fac.WriteEntireTextFile("qa_data/tokens/twitter.json",json.emit(),"utf-8",false)

print "Success." + "\n";