3

I'm building a web app that uses twitter in the following way:

1) A user can sign in with Twitter (i.e. a user authenticates and authorizes the app) - I get the following piece: "oauth_token_secret=[OAUTH_TOKEN_SECRET_HERE]&oauth_token=[OAUTH_TOKEN_HERE]" which I store on the server.

2) Now I want to access the users data purely on the client side using only javascript (with jQuery). So how do I do it??? I've tried a couple of approaches and I keep missing something, so my question is how should the calls be made? What parameters are needed in the example:

$.getJSON('https://api.twitter.com/1/statuses/home_timeline.json?include_entities=true&[WHAT PARAMETERS SHOULD BE ADDED HERE???]&callback=?', function(data) {
    console.log(data);
});
ip.

2 Answers

3

You can use count and max_id query parameters, but you don't need them.

I also don't think you need or want the callback=? part.

The key thing: You need to use those OAUTH items to produce an Authorization header, which you must add to the outbound request. The structure of the header is described in Twitter's developer documentation.

To see what the messages look like, go to: https://apigee.com/console/twitter

This is an example of a valid request:

GET /1/statuses/home_timeline.json HTTP/1.1
Authorization: XXXXXXXXX
Host: api.twitter.com
User-Agent: Mozilla/5.0 (.....)

...where the XXXXXX is the Authorization header, generated according to the oauth 1.0a rules stipulated by Twitter.

It looks like this: (line breaks inserted for readability; this header should be all on one line in the actual request)

OAuth oauth_consumer_key="RR0sePOBbQ8bYdC8r41mg",
  oauth_signature_method="HMAC-SHA1",
  oauth_timestamp="1341705465",
  oauth_nonce="34350",
  oauth_version="1.0",
  oauth_token="5915213-haTzPfWcr6Ci2gdnD8797AfgRs8AICDK8KIStFtx",
  oauth_signature="1hxDP104ZXGMlcblQ05h6vWoJg%3D"

You might want to take advantage of a Javascript OAuth library in order to construct that header, and send the request.

Try searching jsOAuth and Twitter

Cheeso
  • Can you specify an example? Also according to https://dev.twitter.com/docs/auth/authorizing-request it seems that other parameters are added as well. And shouldn't the callback=? be used because I'm requesting JSONP to address the same-origin policy problem? – ip. Jul 07 '12 at 23:45
  • Ah, excuse me, yes, you are correct, you need the callback. About an example - you can see it on the apigee console. It shows you the Authorization header. The header needs some "given" oauth parameters (consumer key, secret key), as well as some parameters you compute - like oauth_timestamp, oauth_signature, and oauth_signature_method. Constructing the header is mechanical, but somewhat involved. I inserted an example of what a header looks like. – Cheeso Jul 07 '12 at 23:59
  • Sorry, maybe this is a newbie question but what are oauth_nonce and oauth_signature and how do I generate them? It seems they are the missing parameters. – ip. Jul 08 '12 at 00:05
  • Those are explained in the Twitter developer doc; the Nonce is a number that should be used just once. The signature is the only difficult thing to produce, and that is why you need a library. The sig is an HMAC_SHA1 of all the other oauth params, sorted, concatenated and encoded in a particular way. The exact way is described in the Twitter api doc. – Cheeso Jul 08 '12 at 00:07
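
The signing steps described in the answer and comments above (collect the parameters, sort, percent-encode, concatenate, HMAC-SHA1), written out as an added example that is not part of the original thread or of any library mentioned in it. It runs under Node.js; the credentials, nonce and helper names (pct, baseString, sign, authHeader) are constructed placeholders. The HMAC key is built from the consumer secret and the token secret, so whatever code signs the request has to hold both.

```javascript
// Added example: OAuth 1.0a HMAC-SHA1 signing (Node.js). All credentials are constructed placeholders.
const crypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent alone leaves !'()* unescaped.
function pct(s) {
  return encodeURIComponent(String(s)).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, key-sorted "k=v" pairs.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => (a[0] < b[0] ? -1 : 1)) // keys are unique within an object
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// The HMAC key is "consumerSecret&tokenSecret": the signer needs both secrets.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = `${pct(consumerSecret)}&${pct(tokenSecret)}`;
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params)).digest('base64');
}

// Query parameters are covered by the signature but are not copied into the header.
function authHeader(method, url, query, creds, nonce, timestamp) {
  const oauth = {
    oauth_consumer_key: creds.consumerKey,
    oauth_nonce: nonce || crypto.randomBytes(16).toString('hex'),
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(timestamp || Math.floor(Date.now() / 1000)),
    oauth_token: creds.token,
    oauth_version: '1.0',
  };
  oauth.oauth_signature = sign(method, url, { ...query, ...oauth },
    creds.consumerSecret, creds.tokenSecret);
  return 'OAuth ' + Object.keys(oauth).sort()
    .map(k => `${pct(k)}="${pct(oauth[k])}"`).join(', ');
}

// Constructed placeholder credentials, not real keys.
const DEMO = { consumerKey: 'CONSUMER_KEY', consumerSecret: 'CONSUMER_SECRET',
               token: 'ACCESS_TOKEN', tokenSecret: 'TOKEN_SECRET' };
const TIMELINE_URL = 'https://api.twitter.com/1/statuses/home_timeline.json';
console.log(authHeader('GET', TIMELINE_URL, { include_entities: 'true' }, DEMO));
```

The secrets never appear in the header itself; only the resulting signature does, which is why signing on a server and keeping both secrets there remains possible.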
0

Apologies for not giving a 1 line answer, but happy to help.

In general, when using JavaScript to fetch data, you won't be able to access many data feeds due to sandbox/'same origin' restrictions.

HOWEVER, sites can approve this ability, but will typically have a particular manner in which they want you to access the data (typically by logging in first, and receiving a session).

Many people have written wrappers around these methods (especially for something as popular as Twitter).

Have a look at jsOAuth: https://github.com/bytespider/jsOAuth/downloads