If you are building a Twitter client of any sort, you should know that basic authentication (user ID and password) will be removed from the Twitter API on August 16, 2010 (it says so on the Twitter API wiki). Instead, OAuth should be used to log in.

Why do we need to use OAuth?

One problem with letting users build applications against your service using regular authentication is that those applications need the user's regular login credentials to access data. These third-party applications have access to the user ID and password and will often store them locally in one way or another. This is a huge security problem, since you have no control over where the users' credentials end up.
This is where OAuth comes into play. OAuth grants third-party applications access to the resources without sharing passwords.
If you want to know more about OAuth, go to The Authoritative Guide to OAuth 1.0 at Hueniverse.

How to login to Twitter with OAuth

Before we start, if you have any problems whatsoever please leave a comment and I’ll try to help you.
Authentication with OAuth in Twitter is done in two steps. The first step sends the user to a Twitter URL where the user logs in and receives a pin code.
In the second step the pin code is entered in the third-party application and a request is sent to Twitter to grant access.
Using Python, this solution is not that well documented, especially if you, like me, are using the Python Twitter API mappings to help out with those Twitter API calls. If you are planning to build a Twitter client using Python, don't be discouraged: Python Twitter works really well. I will try to make the steps you need to take as clear as possible in this post.
If you have never built an application using Python before, check out our guide to GUI programming using Python. Let's get started!

Register your application in Twitter

To use OAuth with Twitter, your client needs a consumer key and a consumer secret. You get these by going to Twitter and registering your application. This is done to the right in the settings -> connections dialog at the Twitter site.
Your Key and Secret will be available after registration.

Get Python Twitter

Python Twitter is a set of Twitter API mappings for Python. As far as I know it is the best one to date if you are using Python to communicate with Twitter. If you want to look at other ones, check out the post: Python Twitter API Library Reviews and Samples. I suggest you download the latest source (twitter.py), but it should work if you download the latest package as well. I think the only thing you need aside from the twitter.py file is to have simplejson installed. If you have other problems, there is a nice set of installation instructions at the Python Twitter site.

Get and install OAuth

Download OAuth from this Google Code SVN path and install it. I simply put the OAuth directory amongst my referenced libraries.

Get and install OAuth Python Twitter

The oauth-python-twitter instructions are not crystal clear. So, to make this easy, let's take this part step by step:
Download the oauth-python-twitter library, called oauthtwitter.py.
Before we can start using it, oauthtwitter.py needs to be modified. First, we need to change the imports from


Then we need to change the getAccessToken() method so that it takes the pin code that will be returned from twitter.
Change from


Now the oauthtwitter.py script can be put amongst your referenced libraries and used.

Use OAuth Python Twitter

OAuth with Twitter is done in two steps. First, a request is made to fetch a Twitter URL where the user needs to allow your Twitter application to access the Twitter account. The user receives a pin code that needs to be entered in the next request.
In the second step the user's pin code is used and a request for access is made from the application.
Both these steps need the consumer key and secret that you got from Twitter when you registered your application. Let's see how the code looks for these steps!

This is the request. It sends the consumer key and consumer secret that you got when registering your application to Twitter, and returns an OAuth Request Token and an authentication URL.
You will need mOauthRequestToken in your call for access to Twitter, and mOauthRequestUrl is the Twitter URL you should send the user to for authentication. When the user has allowed your application to access their Twitter account, they will get a pin code. This pin code is used in the request from the application to get access. That request is shown below.

Here the request token together with the pin code is used to get an OAuth Access Token. That access token is used to get an authenticated Twitter API instance (mTwitterApi) and the user information of the user that logged in (mUser). Again, the same consumer secret and consumer key are used as in the previous request.
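The access request described above, shown at the protocol level as an added example (it is not code from oauthtwitter.py or from the original post). It uses only the standard library to build and sign the OAuth 1.0 parameters with HMAC-SHA1, so you can see that the pin travels as oauth_verifier while the consumer secret and request token secret only ever form the signing key; the URL and all key values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

def pct(value):
    """Percent-encode per OAuth 1.0: only unreserved characters stay as-is."""
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; both secrets form the key only."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def access_token_request(url, consumer_key, consumer_secret, request_token,
                         request_secret, pin, nonce=None, timestamp=None):
    """Parameters for step two: the pin code travels as oauth_verifier."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": request_token,
        "oauth_verifier": pin,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("POST", url, params, consumer_secret, request_secret)
    return params

def verify(method, url, params, consumer_secret, token_secret):
    """Service-side check: recompute the signature, compare in constant time."""
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params["oauth_signature"])

if __name__ == "__main__":  # constructed values; placeholder URL
    url = "https://api.example.com/oauth/access_token"
    req = access_token_request(url, "ck", "cs-constructed", "rt", "rs-constructed", "1234567")
    print(req, verify("POST", url, req, "cs-constructed", "rs-constructed"))
```

Because the pin is part of the signed parameters, changing it after signing makes verification fail, and neither secret appears anywhere in what is sent.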

Re-using the access token

So now you have an authenticated Twitter account. Would you like to force the user to go through the same process to log in again? I guess not! The solution is to save the access token for later use. Below are the commands needed to achieve this. I have excluded the part where you save and read the file or put the user information in a database.

To save the access token, it probably needs to be a string. This fixes that! Now save it for later use.
When you have read the file, it is loaded as a string again, but you will need it as an OAuthToken object.

Good thing the OAuthToken class has a from_string() method. Simply put in your string and badaboom, there is your access token.
The next thing you will want to do is to get that authenticated Twitter instance again.

Now you can use the Twitter instance for all your Twitter API calls. vAuthenticatedTwitterInstance.GetFriendsTimeline() gets your timeline.
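One way to handle the save-and-read part that was left out above, as an added example rather than code from the original post or from the OAuth library. A stored access token lets anyone who can read it act as the user, so the file is written owner-only and refused on load if other users can access it. token_to_string() and token_from_string() are hypothetical stand-ins for the library's string conversion and from_string(), and the token values are constructed.

```python
import os
import stat
import tempfile
from urllib.parse import parse_qs, urlencode


def token_to_string(key, secret):
    """Serialize in the form-encoded shape OAuth 1.0 token responses use."""
    return urlencode({"oauth_token": key, "oauth_token_secret": secret})


def token_from_string(text):
    """Parse the serialized token, rejecting malformed or ambiguous input."""
    fields = parse_qs(text.strip(), strict_parsing=True)
    try:
        (key,), (secret,) = fields["oauth_token"], fields["oauth_token_secret"]
    except (KeyError, ValueError):
        raise ValueError("not a serialized OAuth token") from None
    return key, secret


def save_token(path, key, secret):
    """Write atomically to a file only the owner can read (mode 0600)."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates it 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(token_to_string(key, secret))
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def load_token(path):
    """Refuse a token file that group or other users can access."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users")
    with open(path) as handle:
        return token_from_string(handle.read())


if __name__ == "__main__":  # constructed token values
    target = os.path.join(tempfile.mkdtemp(), "twitter_token")
    save_token(target, "token-constructed", "secret-constructed")
    print(load_token(target))
```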


OAuth is a great thing for the end user. It is safer because all of the authentication is done directly with the source. Also, there is one less place where account information is saved. For the developer it is a bit more work than just using a username and password. But as a developer you should never save account information that is not encrypted, and it might be more of a hassle to do proper encryption than to use OAuth.
I hope this guide has helped you in implementing your OAuth connection. If you have any questions whatsoever, please leave a comment here and I will reply as soon as I see it!