App-only Twitter 1.1 Authentication OAuth 2.0
Making it work
- When fetching the tweet, the getInputStream (in readResponse()) was giving a FileNotFoundException. Turns out that since Android 4 ICS (Ice Cream Sandwich), this can occur because the conn.setDoOutput(true) causes the request to be turned into a POST even though the specified request method is GET! See here. The fix is to remove that line.
- When invoking requestBearerToken() two times in a row on Android 1.5, the responseCode showed as -1 sometimes; mainly when waiting about 30 seconds before invoking it again. That turned out to be a known issue for Android before 2.2 Froyo. For that the method disableConnectionReuseIfNecessary() is put in place.
- It seems a bearer token lasts "forever", until it is revoked/invalidated. Twitter can do that but you can do it yourself too, via the invalidate_token API call.
User Context Twitter 1.1 Authentication OAuth 1.0a
Making it work
Since my app still runs on Android SDK 1.5 (yes!) I tested the solution on a 1.5 emulator.
- Why does the DefaultHttpClient() suddenly work (see previous section)?
- It would be nice to have an example for app-only authentication using an OAuth 2.0 library like Scribe instead of using this low level POST/GET code.
- In the LogCat I see these messages appear after each API call:
07-01 18:59:03.575: W/ResponseProcessCookies(732): Invalid cookie header: "set-cookie: guest_id=v1%3A137270514572832152; Domain=.twitter.com; Path=/; Expires=Wed, 01-Jul-2015 18:59:05 UTC". Unable to parse expires attribute: Wed, 01-Jul-2015 18:59:05 UTC
Why do these appear?
- It should be possible to get the Twitter Timeline for a given user using your application's private access tokens (and thus not requiring the app-only authentication). Of course this is not recommended, because that would mean you'd have to put these tokens in your application. But for some situations it could be an option. See this PHP code on how that can be done.
The Sample Code Application
- Android 1.5 emulator
- Android 4.0 Samsung S2
- Android 4.0 emulator
How to run it
- Load the project in your favorite IDE or whatever you use to build Android applications.
- In OAuthTwitterClient change the values of CONSUMER_KEY and CONSUMER_SECRET to your own application keys.
- Also modify the CALLBACK_URL to your application's callback URL. Note: you can also make an OOB (out-of-bounds) call that doesn't require a callback URL, but that's for you to figure out, didn't spend time on that.
- Deploy it. You should see a screen like this:
- Press button 1a) to get a bearer token. After pressing it should look like:
- Press 1b) to get the tweet. That should look like:
- Press button 2a) to get authenticated and authorized to post a tweet on behalf of a user. When the browser opens, enter the credentials under which account the tweet should be performed (no screenshot for that one). Then authorize the app (click Authorize app):
It should get back to:
Note: I am getting a message that the certificate is not ok. This is I think because the quite old 1.5 emulator does not have that root certificate:
Because the certificate looks fine:
- Enter a tweet text.
- Press button 2b) to tweet the text above it. That should give you:
- At the bottom of the screen you can see some statuses of what's going on. If you see any error message, check the LogCat.
- That's it!
Showing all tweets with the words 'shakira' and 'underneath your clothes' in it.