Get user Access Token from Twitter in Angular 2+ app

Question

Hi I want to get a twitter user access token/refresh token so that My application can post/read tweets on behalf of the user..

I have a button in my app.. on clicking of the button, I need to show something like below image -

user should be able to provide his/her credential and if it is already logged in to twitter then he/she should only see authorize app button..

I created a new app in my developer twitter account.. but little clueless on how to get user's access token to post/read behalf of him...

Answer 1

Twitter uses OAuth1.0a unlike Facebook which uses OAuth2.0. The difference between OAuth1.0a and OAuth2.0 is that OAuth1.0a is more secure and you should use a server-based authentication flow because it involves api keys and secrets which we shouldn't be sharing with angular app.

On server side (NodeJS/Django, etc) you should use a client library for OAuth1.0 which will help you in complicated process of signing requests befores sending it to twitter. Here is a useful link (which I also used) for you to implement the server flow: https://github.com/requests/requests-oauthlib/blob/master/docs/oauth1_workflow.rst

Basically, the OAuth flow for twitter is as follows:

1. Send a POST request to oauth / request_token
2. You will get the authroization url from Step 1 like this https://api.twitter.com/oauth/authorize?oauth_token=XXX which you will redirect the user to so that they can authorize your app
3. Twitter redirects the user to your redirect url (which you sent with the request in previous step) with access_token and verifier.
4. You need to exchange the access_token and verifier for the actual usable user access token by sending a POST to oauth/access_token.

You can find more details for 3-legged OAuth flow here: https://developer.twitter.com/en/docs/basics/authentication/overview/3-legged-oauth