Twitter WWDC 2010 Meetup: OAuth Echo, xAuth, trim_users, and entities


@raffi and @episod talk about recent Twitter API features like OAuth, xAuth, trim_users, and entities

Published in: Technology
  • Twitter WWDC 2010 Meetup: OAuth Echo, xAuth, trim_users, and entities

    1. OAuth, trim_users, and entities @raffi and @episod TM June 9, 2010
    2. Let’s do xAuth. Username: tpFriendlyGiant Password: %&123!aZ+()456
    3. And the same application. Consumer Key: sGNxxnqgZRHUt6NunK3uw Consumer Secret: 5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk
    4. Each value first needs to be escaped in your POST body Password “%&123!aZ+()456” becomes: %25%26123%21aZ%2b%28%29456 Login remains: tpFriendlyGiant (new lines added for readability)
    5. Your POST body should look like.. x_auth_password=%25%26123%21aZ%2b%28%29456 &x_auth_mode=client_auth &x_auth_username=tpFriendlyGiant (new lines added for readability)
    6. Crossing now over to the OAuth side For this request, we’ll use the following request-specific variables: oauth_timestamp: 1276101652 oauth_nonce: WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA Request URL:
    7. Building our signature base string... POST& %2Faccess_token&oauth_consumer_key%3DsGNxxnqgZRHUt6NunK3uw%26oauth_nonce%3DWLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276101652%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D%2525%2526123%2521aZ%252B%2528%2529456%26x_auth_username%3DtpFriendlyGiant
    8. Most important to see that this.. x_auth_password=%25%26123%21aZ%2b%28%29456 &x_auth_mode=client_auth &x_auth_username=tpFriendlyGiant Becomes that... %26x_auth_mode%3Dclient_auth%26x_auth_password%3D%2525%2526123%2521aZ%252B%2528%2529456%26x_auth_username%3DtpFriendlyGiant
    9. Build our HTTP Authentication header Our signing secret is “5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk&” OAuth oauth_nonce="WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1276101652", oauth_consumer_key="sGNxxnqgZRHUt6NunK3uw", oauth_signature="yUDBrcMMm6ghqBEKCFKVoJPIacU%3D", oauth_version="1.0" Note how it only contains OAuth parameters, not x_auth parameters.
    10. Now we’ve got the donuts all lined up...
    11. Send the request & take the access token from the response oauth_token=153814517-LktOAPmBRsNWfJHY2DUE9PfFaEX2EYgCkIsAemAP&oauth_token_secret=WDNVjV9nKuqJftNE7O5KozKxUvECSE234N6HX0gwgM&user_id=153814517&screen_name=tpFriendlyGiant&x_auth_expires=0
    12. OAuth & xAuth are better with a friend. Need xAuth access? Send a detailed message to
    13. OAuth Echo
    14. OAuth Echo ‣ After “Basic Auth shutoff”, how do you use third party services? ‣ you may not have the user’s username / password ‣ the third party service couldn’t do anything with it anyway on the API ‣ OAuth Echo = delegation in identity verification ‣ Pass around information needed for an OAuth call to account/ verify_credentials ‣ usernames and passwords are secure ‣ can only be used once ‣ must be used within a particular time window (i.e. it is self expiring)
    15. OAuth Echo ‣ It’s really simple - to upload to TwitPic ‣ construct upload request to TwitPic (with the image) ‣ include X-Verify-Credentials-Authorization header - the OAuth Authorization header that TwitPic should send back to Twitter’s API ‣ include X-Auth-Service-Provider header and set it to the target Twitter API auth endpoint
    16. OAuth Echo ‣ X-Verify-Credentials-Authorization ‣ include X-Auth-Service-Provider header and set it to verify_credentials.json
    17. trim_user=true
    18. trim_user=true ‣ Don’t embed the entire <user> in the <status> ‣ only have <user><id>...</id></user> ‣ ~60% reduction in bandwidth requirements ‣ You’ll need to cache the user objects ‣ may not pick up changes to user objects ‣ ...but, they change infrequently(ish) ‣ Available on all timeline calls to REST
    19. [Slide image: sample <status> XML; markup not recoverable]
    20. include_entities=true
    21. include_entities=true ‣ Use to do the heavy lifting of parsing ‣ will extract URLs, #tags, @mentions ‣ get consistency in #tag parsing ‣ @mentions also have info about the user ‣ URLs with expanded links ‣ String indexing points for easy extraction and substitution ‣ Available on REST timeline calls ‣ COMING SOON ‣ a link-ified version of the tweet text ‣ availability on statuses/show
    22. Hey @episod, check out - itʼs #hot
        <entities>
          <user_mentions>
            <user_mention end="11" start="4">
              <id>819797</id>
              <screen_name>episod</screen_name>
              <name>Taylor Singletary</name>
            </user_mention>
          </user_mentions>
          <urls>
            <url end="45" start="23">
              <url>http://dev.twitter.com</url>
              <expanded_url/>
            </url>
          </urls>
          <hashtags>
            <hashtag end="57" start="53">
              <text>hot</text>
            </hashtag>
          </hashtags>
        </entities>
    23. Questions? Follow us at TM
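
Slides 4 to 9 as runnable code, added here as an example (not from the slides or from Twitter): it escapes the xAuth POST body once, builds the signature base string where those values end up escaped twice, signs with HMAC-SHA1, and emits an Authorization header carrying only oauth_* parameters. The request URL is missing from the transcript, so `REQUEST_URL` is an assumption, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Values from slides 2-6. REQUEST_URL is an assumption: the transcript lost it.
REQUEST_URL = "https://api.twitter.com/oauth/access_token"
CONSUMER_SECRET = "5kEQypKe7lFHnufLtsocB1vAzO07xLFgp2Pc4sp2vk"
OAUTH_PARAMS = {
    "oauth_consumer_key": "sGNxxnqgZRHUt6NunK3uw",
    "oauth_nonce": "WLxsobj4rhS2xmCbaAeT4aAkRfx4vSHX4OnYpTE77hA",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1276101652",
    "oauth_version": "1.0",
}
XAUTH_PARAMS = {
    "x_auth_mode": "client_auth",
    "x_auth_password": "%&123!aZ+()456",
    "x_auth_username": "tpFriendlyGiant",
}

def enc(value):
    """RFC 3986 percent-encoding as OAuth 1.0 requires (uppercase hex)."""
    return quote(value, safe="-._~")

def post_body(params):
    """Form body: each name and value escaped exactly once."""
    return "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))

def signature_base_string(method, url, params):
    """METHOD & enc(url) & enc(sorted, already-escaped parameter string)."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret' (no token yet)."""
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(oauth_params, signature):
    """Only oauth_* parameters go in the header; x_auth_* stay in the body."""
    fields = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{k}="{enc(v)}"' for k, v in sorted(fields.items()))

BASE = signature_base_string("POST", REQUEST_URL, {**OAUTH_PARAMS, **XAUTH_PARAMS})
HEADER = authorization_header(OAUTH_PARAMS, sign(BASE, CONSUMER_SECRET))
```

`post_body` emits `%2B` where slide 5 shows `%2b`; both decode to `+`, and the parameter part of `BASE` matches slide 7. The resulting signature depends on the assumed request URL.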
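
The receiving side of OAuth Echo (slides 14 to 16), as an added example that is not code from the slides, Twitter or TwitPic: before a third-party service replays the delegated header, it pins X-Auth-Service-Provider to one exact URL so the signed credentials are never forwarded to a host the client chose. The full endpoint URL and the names `build_echo_request` and `EchoRejected` are assumptions; the slides only name `verify_credentials.json`.

```python
# Assumed pinned endpoint; the slides give only "verify_credentials.json".
TRUSTED_PROVIDER = "https://api.twitter.com/1/account/verify_credentials.json"

class EchoRejected(Exception):
    """The upload must be refused and nothing forwarded."""

def build_echo_request(headers):
    """Validate the two OAuth Echo headers sent by the client and return the
    outbound call (method, url, headers) the service makes to verify the user."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    provider = h.get("x-auth-service-provider", "")
    credentials = h.get("x-verify-credentials-authorization", "")

    # Exact comparison, not a prefix or substring match: a lookalike host
    # that merely starts with the trusted name must not receive the header.
    if provider != TRUSTED_PROVIDER:
        raise EchoRejected("untrusted X-Auth-Service-Provider")

    # The delegated value must look like an OAuth 1.0 Authorization header.
    if not credentials.startswith("OAuth ") or "oauth_signature=" not in credentials:
        raise EchoRejected("missing or malformed X-Verify-Credentials-Authorization")
    if "\r" in credentials or "\n" in credentials:
        raise EchoRejected("line break inside header value")

    # Call the pinned constant, never the client-supplied string. The user's
    # identity is then taken from the provider's response, not from the client.
    return ("GET", TRUSTED_PROVIDER, {"Authorization": credentials})
```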
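
The "string indexing points for easy extraction and substitution" from slides 21 and 22, as an added example (not from the slides): it rebuilds a tweet as HTML from the start/end indices and escapes every span it copies, so tweet text cannot inject markup. The tweet string is constructed by placing the slide's URL at the position its indices give, and the twitter.com link shapes and function names are assumptions.

```python
import html
from urllib.parse import quote

# Constructed sample: slide 22's tweet, with the URL put back where the
# start/end indices say it sits (the transcript dropped it from the text).
TWEET = "Hey @episod, check out http://dev.twitter.com - it's #hot"
ENTITIES = [
    {"kind": "hashtag", "start": 53, "end": 57, "text": "hot"},
    {"kind": "mention", "start": 4, "end": 11, "screen_name": "episod"},
    {"kind": "url", "start": 23, "end": 45, "url": "http://dev.twitter.com"},
]

def href_for(entity):
    """Link target per entity kind; the twitter.com URL shapes are assumptions."""
    if entity["kind"] == "mention":
        return "https://twitter.com/" + quote(entity["screen_name"], safe="")
    if entity["kind"] == "hashtag":
        return "https://twitter.com/search?q=%23" + quote(entity["text"], safe="")
    url = entity["url"]
    # Only web schemes become links; anything else stays plain text.
    return url if url.lower().startswith(("http://", "https://")) else None

def linkify(text, entities):
    """Rebuild the tweet as HTML, escaping every span that is copied through."""
    out, cursor = [], 0
    for ent in sorted(entities, key=lambda e: e["start"]):
        start, end = ent["start"], ent["end"]
        if not (cursor <= start < end <= len(text)):
            raise ValueError("entity indices overlap or fall outside the text")
        out.append(html.escape(text[cursor:start]))
        label, href = html.escape(text[start:end]), href_for(ent)
        out.append(f'<a href="{html.escape(href)}">{label}</a>' if href else label)
        cursor = end
    out.append(html.escape(text[cursor:]))
    return "".join(out)
```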