Twitter Connect in django using Oauth
I was recently involved in a django project where I had the opportunity to learn Oauth2.0. Almost all new social networking sites have started using Oauth2.0 in favour of basic authentication which was the prevalent authentication system sometime ago. Twitter has not yet migrated to using Oauth2.0, it is using Oauth1.0a as of now.
I am specifically going to write about how I integrated twitter authentication into my django-app. I am assuming the reader is familiar with python and django, or the MVC framework in general.First you are going to need your twitter consumer key and your twitter consumer secret, which you will receive once you have registered your new application with twitter here https://dev.twitter.com/apps/new . Unlike facebook, in twitter you have to explicitly specify your Oauth Callback Url, while registering your app. This limits you to use the same callback url that you have specified in your twitter settings page.So, if your domain name has changed, which can occur multiple times in your development environment for various reasons, you would want to override the twitter oauth callback url . This is a bit tricky at first but it is easy once you know how to do it. I will describe the steps to override twitter oauth callback url in my next post.
I wanted my twitter-connect view in my django app, to store the user’s twitter access_token, access_token_secret , their user_id and their twitter username. So, I set up my model accordingly.
You will need python-oauth2 library to communicate with twitter using the oauth protocol. You can get the latest version of python-oauth2 from https://github.com/simplegeo/python-oauth2.
Once you have the python-oauth2 library installed, you are ready to write the initial piece of code for your twitter connect view.
It is best to store all your twitter consumer key and your twitter consumer secret in the settings.py file in your django application. Here I am checking for a ‘redirect’ in my request.session, if you have already stored your twitter credentials in the database then it will redirect you to the dashboard, else you will follow the regular twitter authentication protocol.
It is important to store the session variable because, authentication via Ouath2.0 is a three stage process. First, using our twitter consumer key and consumer secret, we tell to twitter that we are a valid application, twitter upon verifying this, will send us a request_token and request_token_secret. We store these two tokens in our session variables. Then we set up the new authorize url as shown below and redirect to the new url without our request token.
Then, twitter upon receiving the correct request token, sends us a oauth verifer. We get the oauth verifier using request.GET and we set the token using the request token, request token secret and the newly received oauth verifier.
In the content thus recieved, we will have a json object or the access_token, access_token_secret,user_id, and screenname. We have to store this access_token in our database, if we want to post to our user’s twitter account using the access_token.
Once you have the user’s access token, tweeting on behalf of the user is super simple.
You just submit a Post request to ”https://api.twitter.com/1/statuses/update.json” using the required oauth credentials we have stored in our database. Here, data is a dict, consisting of our tweet. Twitter, calls it ‘status’ so, we update ‘status’ to our new tweet and send a post request to our request_uri.
If you followed the steps correctly, you should be able to use oauth to successfully tweet to a user’s twitter feed using your django view.
