Sample code for 30+ languages & platforms
Tcl

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

set consumerKey "TWITTER_CONSUMER_KEY"
set consumerSecret "TWITTER_CONSUMER_SECRET"

set requestTokenUrl "https://api.twitter.com/oauth/request_token"
set authorizeUrl "https://api.twitter.com/oauth/authorize"
set accessTokenUrl "https://api.twitter.com/oauth/access_token"

# The port number is picked at random. It's some unused port that won't likely conflict with anything else..
set callbackUrl "http://localhost:3017/"
set callbackLocalPort 3017

# The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
set http [new_CkHttp]

CkHttp_put_OAuth1 $http 1
CkHttp_put_OAuthConsumerKey $http $consumerKey
CkHttp_put_OAuthConsumerSecret $http $consumerSecret

set req [new_CkHttpRequest]

CkHttpRequest_AddParam $req "oauth_callback" $callbackUrl

CkHttpRequest_put_HttpVerb $req "POST"
CkHttpRequest_put_ContentType $req "application/x-www-form-urlencoded"

set resp [new_CkHttpResponse]

set success [CkHttp_HttpReq $http $requestTokenUrl $req $resp]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    exit
}

# If successful, the resp.BodyStr contains something like this:  
# oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
puts [CkHttpResponse_bodyStr $resp]

if {[CkHttpResponse_get_StatusCode $resp] != 200} then {
    puts "Failed response status code: [CkHttpResponse_get_StatusCode $resp]"
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    exit
}

set hashTab [new_CkHashtable]

CkHashtable_AddQueryParams $hashTab [CkHttpResponse_bodyStr $resp]

set requestToken [CkHashtable_lookupStr $hashTab "oauth_token"]
set requestTokenSecret [CkHashtable_lookupStr $hashTab "oauth_token_secret"]
CkHttp_put_OAuthTokenSecret $http $requestTokenSecret

puts "oauth_token = $requestToken"
puts "oauth_token_secret = $requestTokenSecret"

# ---------------------------------------------------------------------------
# The next step is to form a URL to send to the authorizeUrl
# This is an HTTP GET that we load into a popup browser.
set sbUrlForBrowser [new_CkStringBuilder]

CkStringBuilder_Append $sbUrlForBrowser $authorizeUrl
CkStringBuilder_Append $sbUrlForBrowser "?oauth_token="
CkStringBuilder_Append $sbUrlForBrowser $requestToken
set url [CkStringBuilder_getAsString $sbUrlForBrowser]

# Launch the system's default browser navigated to the URL.
set oauth2 [new_CkOAuth2]

set success [CkOAuth2_LaunchBrowser $oauth2 $url]
if {$success == 0} then {
    puts [CkOAuth2_lastErrorText $oauth2]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    exit
}

# When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
# We'll need to start a socket that is listening on port 3017 for the callback from the browser.
set listenSock [new_CkSocket]

set backLog 5
set success [CkSocket_BindAndListen $listenSock $callbackLocalPort $backLog]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $listenSock]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    delete_CkSocket $listenSock
    exit
}

# Wait for the browser's connection in a background thread.
# (We'll send load the URL into the browser following this..)
# Wait a max of 60 seconds before giving up.
set sock [new_CkSocket]

set maxWaitMs 60000
# task is a CkTask
set task [CkSocket_AcceptNextAsync $listenSock $maxWaitMs $sock]
CkTask_Run $task

# Wait for the listenSock's task to complete.
set success [CkTask_Wait $task $maxWaitMs]
if {expr !$success  ||  [expr [[CkTask_get_StatusInt $task] != 7]  ||  [[CkTask_get_TaskSuccess $task] != 1]]} then {
    if {!$success} then {
        # The task.LastErrorText applies to the Wait method call.
        puts [CkTask_lastErrorText $task]
    }     else {
        # The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        puts [CkTask_status $task]
        puts [CkTask_resultErrorText $task]
    }

    delete_CkTask $task

    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    delete_CkSocket $listenSock
    delete_CkSocket $sock
    exit
}

# If we get to this point, the connection from the browser arrived and was accepted.

# We no longer need the listen socket...
# Stop listening on port 3017.
CkSocket_Close $listenSock 10

delete_CkTask $task

# Read the start line of the request..
set startLine [CkSocket_receiveUntilMatch $sock "\r\n"]
if {[CkSocket_get_LastMethodSuccess $sock] == 0} then {
    puts [CkSocket_lastErrorText $sock]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    delete_CkSocket $listenSock
    delete_CkSocket $sock
    exit
}

# Read the request header.
set requestHeader [CkSocket_receiveUntilMatch $sock "\r\n\r\n"]
if {[CkSocket_get_LastMethodSuccess $sock] == 0} then {
    puts [CkSocket_lastErrorText $sock]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    delete_CkSocket $listenSock
    delete_CkSocket $sock
    exit
}

# The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
# Once the request header is received, we have all of it.
# We can now send our HTTP response.
set sbResponseHtml [new_CkStringBuilder]

CkStringBuilder_Append $sbResponseHtml "<html><body><p>Chilkat thanks you!</b></body</html>"

set sbResponse [new_CkStringBuilder]

CkStringBuilder_Append $sbResponse "HTTP/1.1 200 OK\r\n"
CkStringBuilder_Append $sbResponse "Content-Length: "
CkStringBuilder_AppendInt $sbResponse [CkStringBuilder_get_Length $sbResponseHtml]
CkStringBuilder_Append $sbResponse "\r\n"
CkStringBuilder_Append $sbResponse "Content-Type: text/html\r\n"
CkStringBuilder_Append $sbResponse "\r\n"
CkStringBuilder_AppendSb $sbResponse $sbResponseHtml

CkSocket_SendString $sock [CkStringBuilder_getAsString $sbResponse]
CkSocket_Close $sock 50

# The information we need is in the startLine.
# For example, the startLine will look like this:
#  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
set sbStartLine [new_CkStringBuilder]

CkStringBuilder_Append $sbStartLine $startLine
set numReplacements [CkStringBuilder_Replace $sbStartLine "GET /?" ""]
set numReplacements [CkStringBuilder_Replace $sbStartLine " HTTP/1.1" ""]
CkStringBuilder_Trim $sbStartLine

# oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
puts "startline: [CkStringBuilder_getAsString $sbStartLine]"

CkHashtable_Clear $hashTab
CkHashtable_AddQueryParams $hashTab [CkStringBuilder_getAsString $sbStartLine]

set requestToken [CkHashtable_lookupStr $hashTab "oauth_token"]
set authVerifier [CkHashtable_lookupStr $hashTab "oauth_verifier"]

# ------------------------------------------------------------------------------
# Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

CkHttp_put_OAuthToken $http $requestToken
CkHttp_put_OAuthVerifier $http $authVerifier

# We don't need the "Authorization: OAuth ..." header for this POST.
CkHttp_put_OAuth1 $http 0
CkHttpRequest_RemoveParam $req "oauth_callback"
CkHttpRequest_AddParam $req "oauth_verifier" $authVerifier
CkHttpRequest_AddParam $req "oauth_token" $requestToken

CkHttpRequest_put_HttpVerb $req "POST"
CkHttpRequest_put_ContentType $req "application/x-www-form-urlencoded"

set success [CkHttp_HttpReq $http $accessTokenUrl $req $resp]
if {$success == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    delete_CkSocket $listenSock
    delete_CkSocket $sock
    delete_CkStringBuilder $sbResponseHtml
    delete_CkStringBuilder $sbResponse
    delete_CkStringBuilder $sbStartLine
    exit
}

# Make sure a successful response was received.
if {[CkHttpResponse_get_StatusCode $resp] != 200} then {
    puts [CkHttpResponse_statusLine $resp]
    puts [CkHttpResponse_header $resp]
    puts [CkHttpResponse_bodyStr $resp]
    delete_CkHttp $http
    delete_CkHttpRequest $req
    delete_CkHttpResponse $resp
    delete_CkHashtable $hashTab
    delete_CkStringBuilder $sbUrlForBrowser
    delete_CkOAuth2 $oauth2
    delete_CkSocket $listenSock
    delete_CkSocket $sock
    delete_CkStringBuilder $sbResponseHtml
    delete_CkStringBuilder $sbResponse
    delete_CkStringBuilder $sbStartLine
    exit
}

# If successful, the resp.BodyStr contains something like this:
# oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
puts [CkHttpResponse_bodyStr $resp]

CkHashtable_Clear $hashTab
CkHashtable_AddQueryParams $hashTab [CkHttpResponse_bodyStr $resp]

set accessToken [CkHashtable_lookupStr $hashTab "oauth_token"]
set accessTokenSecret [CkHashtable_lookupStr $hashTab "oauth_token_secret"]
set userId [CkHashtable_lookupStr $hashTab "user_id"]
set screenName [CkHashtable_lookupStr $hashTab "screen_name"]

# The access token + secret is what should be saved and used for
# subsequent REST API calls.
puts "Access Token = $accessToken"
puts "Access Token Secret = $accessTokenSecret"
puts "user_id = $userId"
puts "screen_name  = $screenName"

# Save this access token for future calls.
# Just in case we need user_id and screen_name, save those also..
set json [new_CkJsonObject]

CkJsonObject_AppendString $json "oauth_token" $accessToken
CkJsonObject_AppendString $json "oauth_token_secret" $accessTokenSecret
CkJsonObject_AppendString $json "user_id" $userId
CkJsonObject_AppendString $json "screen_name" $screenName

set fac [new_CkFileAccess]

CkFileAccess_WriteEntireTextFile $fac "qa_data/tokens/twitter.json" [CkJsonObject_emit $json] "utf-8" 0

puts "Success."

delete_CkHttp $http
delete_CkHttpRequest $req
delete_CkHttpResponse $resp
delete_CkHashtable $hashTab
delete_CkStringBuilder $sbUrlForBrowser
delete_CkOAuth2 $oauth2
delete_CkSocket $listenSock
delete_CkSocket $sock
delete_CkStringBuilder $sbResponseHtml
delete_CkStringBuilder $sbResponse
delete_CkStringBuilder $sbStartLine
delete_CkJsonObject $json
delete_CkFileAccess $fac