How do I authenticate users in a Rails app with the oauth gem and twitter 1.0.0 gem?

Question

Jnunemaker just updated his twitter gem (https://github.com/jnunemaker/twitter) and removed the Twitter::Oauth class. My code doesn't look much like his example, so I'm having issues updating it. Here's what my code used to look with the twitter 0.9 gem:

UsersController

def oauth
  consumer = Twitter::OAuth.new('mykey','mysecret')
  request_token = consumer.request_token  
  session[:request_token] = request_token.token  
  session[:request_token_secret] = request_token.secret
  redirect_to 'http://api.twitter.com/oauth/authorize?oauth_token='+request_token.token
end

def callback
  consumer = Twitter::OAuth.new('mykey','mysecret')
  atoken, asecret = oauth.authorize_from_request(session[:request_token], session[:request_token_secret], params[:oauth_verifier])  
  consumer.authorize_from_access(atoken,asecret)
  user = Twitter::Base.new(consumer).verify_credentials

  #and then I create a new user in my application, with attributes such as the user's follower count, etc
end

Here's an example of what I've tried to do to change this code:

UsersController

def oauth
  consumer = OAuth::Consumer.new("mykey", "mysecret", :site => "siteurl")
  request_token = consumer.get_request_token
  session[:request_token] = request_token.token  
  session[:request_token_secret] = request_token.secret
  redirect_to 'http://api.twitter.com/oauth/authorize?oauth_token='+request_token.token
end

def callback
  consumer = OAuth::Consumer.new("mykey", "mysecret", :site => "siteurl")
  request_token = session[:request_token]
  atoken = OAuth::RequestToken.new(consumer, request_token.token, request_token.secret).get_access_token(:oauth_verifier => params[:oauth_verifier])
  consumer.authorize_from_access(atoken)
  user = Twitter::Client.new(consumer).verify_credentials

Gemfile

...
gem 'oauth'

I'm sure there are a number of things wrong in my callback method, but one thing that's weird is that my oauth method works fine when I'm running locally, but gives me a '502 Bad Gateway' error when I try from my live (deployed with heroku) version.

Answer 1

If you can't get it to work with what you have now, I have been able to use the Omniauth gem together with the Twitter gem. Omniauth is very easy to setup.

To use the Twitter gem, just get the access token info after the Omniauth callback is done:

token = omniauth['credentials']['token'], 
secret = omniauth['credentials']['secret']

Then just set the Twitter gem config settings before using the Twitter gem methods

Twitter.oauth_token = token
Twitter.oauth_token_secret = secret

Twitter.home_timeline.first.text

(You'll have to configure the Twitter gem consumer_key and consumer_key_secret if you don't haven't that already set up in an initializer file...)

Answer 2

You were close in your example. The right code for your controller action would be something like this:

  def new
    consumer = OAuth::Consumer.new(YOUR_CONSUMER_TOKEN, YOUR_CONSUMER_SECRET, site: 'https://api.twitter.com', request_endpoint: 'https://api.twitter.com', authorize_path: '/oauth/authenticate')

    unless params[:oauth_token]
      request_token = consumer.get_request_token({ oauth_callback: request.original_url })
      session[:request_token] = { token: request_token.token, secret: request_token.secret}
      redirect_to request_token.authorize_url(force_login: 'true')
    else
      request_token = OAuth::RequestToken.from_hash(consumer, oauth_token: session[:request_token]["token"], oauth_token_secret: session[:request_token]["secret"])
      access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
      session[:request_token] = nil

      @client = Twitter::REST::Client.new do |config|
        config.consumer_key        = YOUR_CONSUMER_TOKEN
        config.consumer_secret     = YOUR_CONSUMER_SECRET
        config.access_token        = access_token.token
        config.access_token_secret = access_token.secret
      end
    end
  end

Answer 3

I've had good luck with

Authlogic + AuthLogic Connect.

I'm not sure if you need to implement the oauth by hand, but the gem might be worth looking into.

https://github.com/viatropos/authlogic-connect

The only gotcha I've found with oauth providers is sometimes they provide poor error messages if the callback url isn't recognized, which is configured where you get the api keys.

-Ken