Posting to another user's account from my app

oauth

#1

hello,
i’m creating Rails app that will allow my Twitter Application (from my Twitter account) to post to the user’s timeline. currently i have these setup app in my web app:

consumer_key 
consumer_secret 
access_token
access_token_secret

currently, when a user logs in to my web app, creates some tweets and posts them. the posts go to my twitter account. after the authorization callback, my web app is able to set the secret and token return from the callback to the users account. what keys and tokens do i need to set to make my web app post to ANOTHER user’s account after authorization?

I am using this gem that returns some hash values from twitter: https://github.com/arunagw/omniauth-twitter#authentication-hash


#2

access_token and access_token_secret are user specific and will be different for every user. You have to authenticate every request with the token/secret for the specific user you want the request to happen for.


#3

so this means that after getting the token/secret for a specific user, i have ENOUGH info to make a post on his twitter account on his behalf from my web app right?


#4

Once you have an access_token/secret for a user, you have the credentials needed to perform any action within the permissions granted by the user.


#5

OK, I get it. Is there are other to post the access_token and secret?
Are 3 variables (token, secret, status) enough to make a post request to update a user’s twitter account?
And last questions, How can i find the names of these variable names. Currently i am using access_token, access_secret and status. Does the API recognize these string hash keys?


#6

Twitter requires OAuth 1 in most instances and those parameters are very specific and documented. It is not recommended that developers try to implement this low level code directly and instead use an established library to do it. It looks like you are already using a library of some sort so you will have to look at their docs to determine what key names their API requires.