I'm attempting to connect to twitter using python, and I'm finding it really frustrating.
Everything I read suggests that I need a consumer key, a consumer secret, an access key and an access secret - for example: Using python OAUTH2 to access OAUTH protected resources
I can get the consumer key and the consumer secret from the twitter settings page for the little test app I created, but what about the other two? After a bit of googling it seems everyone thinks it's so obvious where you get this info from that it's not worth putting up, so I might be having a really dumb moment but could someone please spell it out for idiots like me please?
Edit:
OK to get these details open your app settings in Twitter and click the "My Access Token" link.
I suppose when looking for an Access Token, if you were to click on a link titled "My Access Token" might help. I'd love to attribute my stupidity to the wine, but really I don't know...
Almost all oauth examples on blogs seem to be examples of the authorisation phase of oauth and none focus on how to actually make requests once you have these, as once you understand how it works this part is quite obvious. Getting that initial understanding is quite difficult unfortunately.
If you're just trying access your twitter account from a script or app for yourself you can get the access token (called key in the python oauth library) and secret from dev.twitter.com at the bottom of the settings page for your app under the heading Your access token.
import oauth2 as oauth
import json
CONSUMER_KEY = "your app's consumer key"
CONSUMER_SECRET = "your app's consumer secret"
ACCESS_KEY = "your access token"
ACCESS_SECRET = "your access token secret"
consumer = oauth.Consumer(key=CONSUMER_KEY, secret=CONSUMER_SECRET)
access_token = oauth.Token(key=ACCESS_KEY, secret=ACCESS_SECRET)
client = oauth.Client(consumer, access_token)
timeline_endpoint = "https://api.twitter.com/1.1/statuses/home_timeline.json"
response, data = client.request(timeline_endpoint)
tweets = json.loads(data)
for tweet in tweets:
print tweet['text']
This example is using the python lib python-oauth2, which is an unfortunately named OAuth library not an OAuth2 library.
If you want to actually let other people authorise their account to be used by your app then you need to implement the redirect dance where you ask twitter for a request token/secret pair and then redirect the user to the twitter authorize page with this request token, they sign in and authorize the token and get redirected back to your application, you then exchange the request token for an access token and secret pair which you can store and use to make requests like above.
The Twitter Three-legged OAuth Example in the Readme at http://github.com/simplegeo/python-oauth2 seems to cover what needs to be done
Personally I use tweepy, it provides a nice python wrapper to Twitter's API
Related
Here is the context of what I want to do:
Automate following certain profiles on Twitter with an account that is different from my Twitter developer account. For that I read that I need 3-legged OAuth.
Here is my code:
import tweepy
consumer_key = "XXX"
consumer_secret = "XXX"
oauth1_user_handler = tweepy.OAuth1UserHandler(
consumer_key, consumer_secret,
callback="callback url"
)
print(oauth1_user_handler.get_authorization_url(signin_with_twitter=True))
Following the link printed I am able to authenticate my app using the Twitter account and then get something like this:
https://my_callback_url?oauth_token=XXX&oauth_verifier=XXXX
Following Tweepy's documentation, I should be able to put this oauth_verifier there:
access_token, access_token_secret = oauth1_user_handler.get_access_token(
"Verifier (oauth_verifier) here"
)
However, it is not correct, because every time I run my code I need to authenticate again and get a new oauth_verifier token.
On the Twitter developer portal everything is setup with this OAuth 1 permission and putting a callback URL and website URL was mandatory. I don't know what else to do.
That's where I am stuck.
I am following Tweepy's documentation here
You should be able to reuse the access token and secret, not the verifier.
I have added Firebase to allow clients to authenticate directly from the web app client (browser). I am using the firebase-web JS package and it works great. I can see in my browser that I receive a user object with information about the user, including an idToken.
I need to then authenticate this user on my server backend, which is python django. In the Firebase docs I found a how-to for exactly what I am trying to do, which is to verify the id token.
Since they don't have the supported Firebase sdk for python, I need to use a third party solution. I have come to the python-jose package after finding it listed on the jwt.io site. The example looks simple enough:
jwt.decode(token, 'secret', algorithms=['RS256'])
This is my first time using JWT. I don't know what to use for the 'secret'. I tried pasting my id token as token, and the web API key from the Firebase console for secret, but got this error:
jose.exceptions.JWKError: RSA key format is not supported
I also tried the JWT debugger, which seems to be reading most of my id token correctly, but the signature verification is looking for a public and/or a private keys, which like the 'secret' are escaping me.
I am really at a loss for how to find this secret, and how to verify the JWT id token in general. The information on the Firebase docs (third-party section) is:
Finally, ensure that the ID token was signed by the private key
corresponding to the token's kid claim. Grab the public key from
https://www.googleapis.com/robot/v1/metadata/x509/securetoken#system.gserviceaccount.com
and use a JWT library to verify the signature. Use the value of
max-age in the Cache-Control header of the response from that endpoint
to know when to refresh the public keys.
I have tried pasting the whole json blob from that googleapis url into the JWT debugger, but still getting an "invalid signature" alert. I don't understand how to use that public key.
Should python-jose work for this approach? If so, what should I use for the secret? If not, can someone point me in the right direction?
Thanks.
I finally found the answer I was looking for in this post: Migrating Python backend from Gitkit to to Firebase-Auth with python-jose for token verification
Since the time of the post there have been updates made to the python-jose package, which gives better support for firebase id tokens. Here is some working code ( jose version 1.3.1 ) on how to use python to decode the firebase id token:
import urllib, json
from jose import jwt
idtoken = "<id token passed to server from firebase auth>"
target_audience = "<firebase app id>"
certificate_url = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken#system.gserviceaccount.com'
response = urllib.urlopen(certificate_url)
certs = response.read()
certs = json.loads(certs)
#will throw error if not valid
user = jwt.decode(idtoken, certs, algorithms='RS256', audience=target_audience)
print user
I'm trying to post a tweet via TwitterApi, using oAuth2 and I get error
'u'{"errors":[{"code":220,"message":"Your credentials do not allow access to this resource."}]}'
My code is as follows:
from TwitterAPI import TwitterAPI
CONSUMER_KEY = 'xyz'
CONSUMER_SECRET = 'xyz'
def tweet_it():
api = TwitterAPI(CONSUMER_KEY, CONSUMER_SECRET, auth_type='oAuth2')
r = api.request('statuses/update', {'status': 'Hello World!'})
pass
if __name__ == "__main__":
tweet_it()
I have set my app account permissions to 'Read, Write and Access direct messages' and regenerate consumer keys. What am I missing?
I could search tweets this way without any issues.
I could post and search using oAuth1.
I've found out the solution or better say what is the issues.
Behavior described in my questions is correct as I'm using Application-only authentication and with this it's not allowed to access certain API calls, see https://dev.twitter.com/oauth/application-only.
Following twitter api documentation
for calling my account only, it's best way to go with oAuth1 and specify consumer key and access token and corresponding secrets.
for calling it from 3rd party application, you should go with 3-legged authorization, see https://dev.twitter.com/oauth/3-legged.
I have looked at all the Python Twitter API wrappers that I could find on Bitbucket, Github and PyPi, but have been unable to find one which allows you to connect to Twitter if you already have the authentication token.
I am aware that I can generate the authentication token using an OAuth token, OAuth token secret, Twitter Token and Twitter Secret; but I would like to skip that processing + not prompt users who already have accounts.
The tweepy library seems popular; but lacks documentation...
Would someone be able to show me a tweet postage which uses Tweepy (or any other Python Twitter library) that uses only the authentication token?
EDIT: I ended up getting to work right with Twython.
You have to store the access token and secret returned by the provider after authentication and use them in the subsequent requests to read or write. I have been using rauth (https://github.com/litl/rauth) and highly recommend it.
EDIT
Assuming you have already have a valid access token and a secret you can create a service object and read or write data using the twitter API (skipping the authentication steps). I have included the necessary steps from the rauth documentation below:
twitter = OAuth1Service(
name='twitter',
consumer_key='YOUR_CONSUMER_KEY',
consumer_secret='YOUR_CONSUMER_SECRET',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authorize',
header_auth=True)
params = {'include_rts': 1, # Include retweets
'count': 10} # 10 tweets
response = twitter.get('https://api.twitter.com/1/statuses/home_timeline.json',
params=params,
access_token=access_token,
access_token_secret=access_token_secret,
header_auth=True)
I use Django-social-auth to authenticate the users of a Django project. So I guess I have all the necessary information about a Twitter user to make a post on their behalf on their Twitter account. So do I really need to install a new app? or with the info at hand how would I do that? Isn't it just a matter of posting to a Twitter API with the relevant info?
You could just extract the code into your own project and that will work. But the benefits of using an open source library is that there's a good chance when Twitter or Social Network X changes it's API, the library, if popular, would get updated as opposed to you needing to make the change.
So if you use Django Social Auth you can do:
import urllib
import settings
import oauth2 as oauth
try:
twitter_user = user.social_auth.get(provider='twitter')
except:
return
if not twitter_user.tokens:
return
access_token = twitter_user.tokens['oauth_token']
access_token_secret = twitter_user.tokens['oauth_token_secret']
token = oauth.Token(access_token,access_token_secret)
consumer_key = settings.TWITTER_CONSUMER_KEY
consumer_secret = settings.TWITTER_CONSUMER_SECRET
consumer = oauth.Consumer(consumer_key,consumer_secret)
client = oauth.Client(consumer,token)
data = {'status':'Your tweet goes here'}
request_uri = 'https://api.twitter.com/1/statuses/update.json'
resp, content = client.request(request_uri, 'POST', urllib.urlencode(data))
Yes, I believe if you have the User's twitter account details that are necessary, then you can write an (django) app which will do so. You can use something like python-twitter to post to twitter.
You should be able to find more information regarding Twitter's api here.