auth_tutorial.rst 4.23 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
.. _auth_tutorial:


***********************
Authentication Tutorial
***********************

Introduction
============

Aaron Hill's avatar
Aaron Hill committed
11
12
Tweepy supports oauth authentication. Authentication is
handled by the tweepy.AuthHandler class.
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

OAuth Authentication
====================

Tweepy tries to make OAuth as painless as possible for you. To begin
the process we need to register our client application with
Twitter. Create a new application and once you
are done you should have your consumer token and secret. Keep these
two handy, you'll need them.

The next step is creating an OAuthHandler instance. Into this we pass
our consumer token and secret which was given to us in the previous
paragraph::

   auth = tweepy.OAuthHandler(consumer_token, consumer_secret)

If you have a web application and are using a callback URL that needs
to be supplied dynamically you would pass it in like so::

   auth = tweepy.OAuthHandler(consumer_token, consumer_secret,
   callback_url)

If the callback URL will not be changing, it is best to just configure
it statically on twitter.com when setting up your application's
profile.

Unlike basic auth, we must do the OAuth "dance" before we can start
using the API. We must complete the following steps:

#. Get a request token from twitter

#. Redirect user to twitter.com to authorize our application

#. If using a callback, twitter will redirect the user to
   us. Otherwise the user must manually supply us with the verifier
   code.

50
#. Exchange the authorized request token for an access token.
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

So let's fetch our request token to begin the dance::

   try:
       redirect_url = auth.get_authorization_url()
   except tweepy.TweepError:
       print 'Error! Failed to get request token.'

This call requests the token from twitter and returns to us the
authorization URL where the user must be redirect to authorize us. Now
if this is a desktop application we can just hang onto our
OAuthHandler instance until the user returns back. In a web
application we will be using a callback request. So we must store the
request token in the session since we will need it inside the callback
URL request. Here is a pseudo example of storing the request token in
a session::

Steven Skoczen's avatar
Steven Skoczen committed
68
   session.set('request_token', auth.request_token)
69
70
71
72
73
74
75
76
77
78
79
80
81
82

So now we can redirect the user to the URL returned to us earlier from
the get_authorization_url() method.

If this is a desktop application (or any application not using
callbacks) we must query the user for the "verifier code" that twitter
will supply them after they authorize us. Inside a web application
this verifier value will be supplied in the callback request from
twitter as a GET query parameter in the URL.

.. code-block :: python

   # Example using callback (web app)
   verifier = request.GET.get('oauth_verifier')
83

84
85
86
87
88
89
90
91
92
93
94
95
   # Example w/o callback (desktop)
   verifier = raw_input('Verifier:')

The final step is exchanging the request token for an access
token. The access token is the "key" for opening the Twitter API
treasure box. To fetch this token we do the following::

   # Let's say this is a web app, so we need to re-build the auth handler
   # first...
   auth = tweepy.OAuthHandler(consumer_key, consumer_secret)
   token = session.get('request_token')
   session.delete('request_token')
96
97
98
   auth.request_token = { 'oauth_token' : token,
                            'oauth_token_secret' : verifier }

99
100
101
102
   try:
       auth.get_access_token(verifier)
   except tweepy.TweepError:
       print 'Error! Failed to get access token.'
103

104
105
106
107
108
109
110
It is a good idea to save the access token for later use. You do not
need to re-fetch it each time. Twitter currently does not expire the
tokens, so the only time it would ever go invalid is if the user
revokes our application access. To store the access token depends on
your application. Basically you need to store 2 string values: key and
secret::

Steven Skoczen's avatar
Steven Skoczen committed
111
112
   auth.access_token
   auth.access_token_secret
113
114
115
116
117
118
119
120
121
122
123
124
125

You can throw these into a database, file, or where ever you store
your data. To re-build an OAuthHandler from this stored access token
you would do this::

   auth = tweepy.OAuthHandler(consumer_key, consumer_secret)
   auth.set_access_token(key, secret)

So now that we have our OAuthHandler equipped with an access token, we
are ready for business::

   api = tweepy.API(auth)
   api.update_status('tweepy + oauth!')