Aug 4, 2009
Twitter OAuth Ruby Gem PIN-based Authentication API Change
I have been using the moomerman-twitter_oauth gem to allow users to log in to our web app via Twitter Connect. Unfortunately, it stopped working when a change in the Twitter API happened. During the OAuth authentication process, instead of being redirected back to our web app, it would show a screen that said:
"You've successfully granted access...enter the following PIN to complete the process"
After browsing the net and getting help from the Twitter API team, I learned that Twitter recently made a change to their OAuth process to allow this PIN type authentication for applications. For more info, see: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/472500cfe9e7cdb9/848f834227d3e64d?pli=1
The oauth ruby gem defaults to using the PIN-based process instead of the regular web app redirect process. To fix this, explicitly set the oauth_callback URL parameter when getting the request token:
@twitter_client = TwitterOAuth::Client.new(
  :consumer_key => TWITTER_CONSUMER_KEY,
  :consumer_secret => TWITTER_CONSUMER_SECRET
)
request_token = @twitter_client.request_token(:oauth_callback => oauth_confirm_url)
If you are getting an OAuth::Unauthorized (“401 Unauthorized”) error after adding the oauth_callback parameter, try altering your oauth callback method to explicitly state the oauth_verifier as well:
def oauth_callback
  @twitter_client = TwitterOAuth::Client.new(
    :consumer_key => TWITTER_CONSUMER_KEY,
    :consumer_secret => TWITTER_CONSUMER_SECRET
  )
  # Pass the verifier Twitter appended to the callback URL along with the
  # request token and secret saved in the session.
  @twitter_access_token = @twitter_client.authorize(
    session[:request_token],
    session[:request_token_secret],
    :oauth_verifier => params[:oauth_verifier]
  )
end
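The callback step above, as an added example that is not part of the original post or of the twitter_oauth gem: a pure-Ruby check that the callback carries the same oauth_token that was stored in the session, plus an oauth_verifier, before anything is handed to authorize. The names verified_callback and CallbackError are hypothetical, and the session is assumed to be hash-like as in the controller code above.

```ruby
# Added example: sanity checks on the OAuth 1.0a callback before the
# request token is exchanged for an access token.
# CallbackError and verified_callback are hypothetical names.
class CallbackError < StandardError; end

# session: hash-like store holding :request_token and :request_token_secret,
#          saved when the request token was issued.
# params:  query parameters appended to the oauth_callback URL.
# Returns the three arguments to pass on to @twitter_client.authorize.
def verified_callback(session, params)
  token    = session[:request_token].to_s
  secret   = session[:request_token_secret].to_s
  returned = params[:oauth_token].to_s
  verifier = params[:oauth_verifier].to_s

  if token.empty? || secret.empty?
    raise CallbackError, "no request token in session"
  end
  # The callback must be for the token this browser session started with.
  unless returned == token
    raise CallbackError, "oauth_token does not match session"
  end
  # Without the verifier the access token request fails with 401 Unauthorized.
  raise CallbackError, "oauth_verifier missing" if verifier.empty?

  # A request token is single use: drop it so a replayed callback stops here.
  session.delete(:request_token)
  session.delete(:request_token_secret)

  [token, secret, { :oauth_verifier => verifier }]
end

if __FILE__ == $0
  # Constructed sample values, not real tokens.
  session = { :request_token => "rt-constructed",
              :request_token_secret => "rs-constructed" }
  params  = { :oauth_token => "rt-constructed", :oauth_verifier => "1234567" }
  p verified_callback(session, params)
end
```

In the controller, the result would be splatted into the existing call: `@twitter_client.authorize(*verified_callback(session, params))`.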
Apparently, this was posted on the Twitter API Development Group in late May, but it would have been nice if Twitter DMed every web app signed up on the Twitter app list of the change. I guess this is a warning for any Twitter API consumers to follow the dev list closely.