Posting to another user's twitter account from my app

Question

i'm creating Rails app that will allow my Twitter Application (from my Twitter account) to post to the user's timeline. currently i have these setup app in my web app:

consumer_key 
consumer_secret 
access_token
access_token_secret

currently, when a user logs in to my web app, creates some tweets and posts them. the posts go to my twitter account. after the authorization callback, my web app is able to set the secret and token return from the callback to the users account. what keys and tokens do i need to set to make my web app post to ANOTHER user's account after authorization?

I am using this gem that returns some hash values from twitter: https://github.com/arunagw/omniauth-twitter#authentication-hash.

My code looks like this: config/secrets.yml

development:
  secret_key_base: 69cc9e7ad45eadafe574hsaf5ba04a21c8bbe9337fb0cb73966bde47a397d72dd0963b29f6218d43c1baeca8bd0a74218e2e552c8d2ab5fdb7fef14
  twitter_api_key: 2BN4jYtsf453374VM4m7HG
  twitter_api_secret: LOE545ksfjkae3r8FOzj3NTHXVBfx8njPX0JHMNqCJs3mOnhQleH

test:
  secret_key_base: 4c644a9f6d038388ec8ds3060177db7a6c342e4d12083cd36b0b7c3b6609eeb6771681c651c3eee3d740f9003103592sdafdsfaeDFHDGAd6c3e938bf

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

config/initializers/twitter.rb

$twitter = Twitter::REST::Client.new do |config|
  config.consumer_key = "2BN4jYtsf453374VM4m7HG"
  config.consumer_secret = "LOE545ksfjkae3r8FOzj3NTHXVBfx8njPX0JHMNqCJs3mOnhQleH"
  config.access_token = "714265291988058112-EkpjQvSeO6fQBc1ksHahlL8r6QLsYinA"
  config.access_token_secret = "qFdiOIP6aozmBlPfsUEYvDK884jsfaehwOXqlFSf8J4g8bl0x"
end

account.rb

class Account < ActiveRecord::Base
    before_save :capitalize_name

    belongs_to :user
    has_many :posts, dependent: :destroy

    accepts_nested_attributes_for :posts

    validates :account_name, :description, presence: :true

    default_scope { order('created_at DESC') }

    def self.find_or_create_from_auth_hash(auth_hash)
        #account = where(provider: auth_hash.provider, uid: auth_hash.uid).first_or_create
        account = where(id: id_goes_here).first_or_create
        account.update_attributes!(
            name: auth_hash.info.name,
            profile_image: auth_hash.info.image,
            token: auth_hash.credentials.token,
            secret: auth_hash.credentials.secret,
            uid: auth_hash.uid
        )
        account
    end

    private
    def capitalize_name
        self.account_name = self.account_name.split.map { |name| name.capitalize }.join(" ")
    end
end

Currently my rails app is posting to my account always even when other users log, get authorize and have tokens and secrets set on THEIR account from the authorization callback. Which is not what i want.

PS: The keys posted here are fake.

Answer 1

Since you are instantiating the Twitter::REST::Client in an initializer using a fixed set of credentials, I'd assume that the client is always using the credentials with which it was instantiated.

In order to post a tweet on behalf of an Account, you'll want to instantiate a client that utilizes the credentials you are receiving from authorization, something like this:

class Account < ActiveRecord::Base
  def twitter_client
    Twitter::REST::Client.new do |config|
      config.consumer_key = "2BN4jYtsf453374VM4m7HG"
      config.consumer_secret = "LOE545ksfjkae3r8FOzj3NTHXVBfx8njPX0JHMNqCJs3mOnhQleH"
      config.access_token = self.token
      config.access_token_secret = self.secret
    end
  end
end

Then given an account, you could post like so:

account.twitter_client.update("Just setting up my twttr")