How to provide a Twitter PIN statically during OAuth authentication

Question

http://twitter4j.org/en/code-examples.html - How to provide a Twitter PIN statically during OAuth authentication, the code example talks about providing a PIN if its already available.

Our application is a standalone java application and would prefer to pass credentials via a property file without any human intervention.

Answer 1

I spent some time today trying to figure out how to authenticate without user intervention using Twitter4j Library. I came up with the following:

ConfigurationBuilder conf = new ConfigurationBuilder();
conf.setOAuthConsumerKey(CONSUMER_KEY);
conf.setOAuthConsumerSecret(CONSUMER_KEY_SECRET);
conf.setOAuthAccessToken(TOKEN);
conf.setOAuthAccessTokenSecret(TOKEN_SECRET);
Twitter twitter = new TwitterFactory(conf.build()).getInstance();

By using ConfigurationBuilder, I'm now able to authenticate automatically. Of course you need to set values for CONSUMER AND TOKEN keys accordingly. Here's how I verified it:

User user = twitter.verifyCredentials();
System.out.println("Successfully verified credentials of " + user.getScreenName());

Hope this helps!

Answer 2

Twitter will provide you the PIN code.

In the example, Twitter4J supposes that somebody will copy the URL it gave (with requestToken.getAuthorizationURL() at line 10) in a web browser and will authorize the application via the browser. After that, the user is supposed to write in the example program the PIN code displayed in its browser.

There are two big drawbacks for you in this example :

• Human intervention
• Which code will you give to your example program if Twitter do not give you a PIN code (and it will happen if the callback URL of your Twitter application is not "oob") ?

You will have to simulate the human intervention to get the PIN code. Unfortunately, Twitter4J does not seem to get methods to do this (I do not see such method in the Javadoc) so you will have to code yourself the following process :

1. Retrieve the HTML code of the web page at requestToken.getAuthorizationURL().
2. This HTML page contains a form whose some parameters will be posted with the username (or email) and the user's password to get the PIN code. These parameters are called "oauth_token" (the temporary OAuth token that you already have), "deny" (a tag used if you do not want to authorize the application) and "authenticity_token". All of them are in <input> HTML tags. Pick them.
3. Simulate the posting of the form. For this you will have to use the POST oauth/authorize endpoint. The URL is https://api.twitter.com/oauth/authorize?oauth_token=<your OAuth Token>. The request has to be authenticated following the Twitter process for Authenticating requests. This is the content of what you will post : "authenticity_token=<the form's "authenticity_token" parameter>&session[username_or_email]=<user's name or email>&session[password]=<the user's password in clear>". If you don't authorize the app, append "&deny=<the form's "deny" parameter>" in the body message. There will not be any problem for you since you have got the credentials (session[xxx] parameters) in a property file and you picked the other parameters in the form (cf 2.).
4. The Twitter API will give you back an web page. If the authorization was successful, the PIN will be inside. However, be careful. The PIN takes different names depending on the callback URL. If the callback URL is "oob", the PIN code is called OAuth PIN. It is a 4-digit number somewhere in a <div id="oauth_pin"> HTML tag. Otherwise, it is called OAuth Verifier. It is contained in a URL located in a <div class="happy notice callback"> HTML tag. In this URL, the PIN is the oauth_verifier of the request string. It looks like an OAuth token.

Don't hesitate to have a look at the HTML code of the web pages of the 2nd and the 4th step of my process. It is very useful to understand the process.