Java backend app publishing to several twitter accounts


#1

Hi.

I’m developing an java backend service for a government agency which needs to publish to several accounts at the same time. I asked if this was possible here , and although it certainly seems like it is (here’s a similar question) for the life of me I can’t seem to figure out the correct instructions for the three-legged OAuth flow.

My question is, how do I, as it says on the first answer, “have each of the target accounts go through the sign-in with Twitter / three-legged OAuth flow to retrieve account secret keys for each of them” ? I’ve registered the app, and it is possible to publish from it into it’s associated developer twitter account, but I can’t seem to find a way to publish from that app into a new twitter account (@Igorpoitras_ES). How do I, as owner of IgorPoitras_ES, allow the app to publish in its behalf?


#2

I figured it out.

Step 0: register an app.
Step 1: POST to https://api.twitter.com/oauth/request_token with all the Consumer API keys and tokens that you get in https://developer.twitter.com/en/apps/. The response will include your new oauthtoken.
Step 2: GET, via Browser, to https://api.twitter.com/oauth/authorize?oauth_token=theNewAuthToken.
Step 3. Click the “Allow this app” button in the browser. This will use the callback url that you’ve set in the application configuration, under “App details”. The response will include the “oauth_verifier” token.
Step 4: POST to https://api.twitter.com/oauth/access_token, with params:
oauth_verifier=the one you’ve just got.
oauth_token=theNewAuthToken.
oauth_consumer_key= the consumer key that you’ve used in STEP 1.

This final step will produce an oauth_token, an oauth_token_secret, the user_id and its screen name.

To publish to different accounts means that all will share the consumer key, but each one will have its own oauth_token and oauth_token_secret key. That’s it.


#3

is there a way to get the oauth_verifier programmatically? In otherwords without having to Browser, to https://api.twitter.com/oauth/authorize?oauth_token=theNewAuthToken and click the “Allow this app” button?


#4

The user must click the UI button in order to have the token passed back. That’s the flow. What’s your use case here?


#5

I have the consumer key and the consumer secret. I want to be able to get the Access token & access token secret programmatically. I’ve tried everything and I can’t seem to solve this problem. Is this possible?


#6

Yes, you need to implement the three legged OAuth flow, also known as sign-in with Twitter.

https://developer.twitter.com/en/docs/basics/authentication/overview/3-legged-oauth.html

I have a sample in python here


#7

I reviewed the three legged OAuth flow earlier and it looks like it still requires user interaction with a UI. I would like to completely avoid any user interaction. I would like my java function to take the consumer key and consumer secret as inputs, and return back Access token & access token secret.


#8

This is not possible, as it explicitly requires a user login and action. It is not possible to invisibility authenticate a user to an app. This would be a violation of the developer terms and of user privacy.


#9

Ok. I understand. Thanks for help Andy.


closed #10