Twitter access using Connect-Auth

Question

Twitter access using Connect-Auth

baradas opened this issue 13 years ago · 9 comments

I can authenticate resources within my app with FB/Twitter using Connect-Auth, but now how do I access my feeds post authentication ? Do i use the node-auth library separately to do this?

A couple of questions around this :

How do I get hold of the access tokens for twitter/FB post authentication?
When placing a normal http.request will the authenticated header get appended on to the request or do I need to use the node-auth api to place a request to fetch data? If so, where do I get a handle of the access tokens (see 1)?

baradas commented 13 years ago

Thanks

Answer 1 · 2012-02-16T08:49:28.000Z

For facebook: request.session["access_token" ] will contain the active access_token
For twitter: request.session.auth["twitter_oauth_token"] contains the access token;

The lack of consistency here is a bugger (and not intentional) they should really both be added to the 'auth' context, and follow a similar naming convention (sorry)
2) You will need to use the node-oauth api :)

Answer 2 · 2012-02-16T11:33:02.000Z

Not able to access the access the Facebook token using the above method. Does the session get updated in an async manner and when is it safe to access the token from the session?

Post Auth and redirect when i try to log the below value : req.session["access_token"], I see that it is undefined.

Additionally the session object looks somewhat like the below :

cookie:
{ path: '/',
httpOnly: true,
_expires: Thu, 16 Feb 2012 15:20:44 GMT,
originalMaxAge: 14400000 },
auth:
{ scopedUsers: {},
__performingAuthentication: true,
__originalUrl: '/some_url?login_with=facebook',
trace: [Function] },

Answer 3 · 2012-02-16T11:48:05.000Z

Ah, you're trying to early there I think, you've not yet been authenticatied , can you show me the surrounding code please?

Answer 4 · 2012-02-16T12:44:22.000Z

Yeah, I guess I figured it out.
I am redirecting to a url which is not passing through the authenticate call.
As such the session variable is not set, since the authenticate call can only set the value in the redirect part of the call.
Will try it out and update if I still have issues.

Answer 5 · 2012-02-18T07:48:29.000Z

Hi,

Am able to authenticate, twitter and FB now, however, see one strange behavior .
I get the request tokens post authentication and not the access tokens.

If I use the tokens from request.session.auth["twitter_oauth_token"] it tells me that it is the request token and not the access token and I need to make a separate request for the access tokens to be able to access the API.

I used the oauth library to subsequently make a request for the access tokens and subsequently make the actual API call.
I don't think this is the correct way of making the call and hence some help here would be appreciated.

I make the call to fetchTwitterFeed below after I have an authenticated token in the session.

Code snippet below :

OAuth = require("oauth").OAuth;
function fetchTwitterFeed(req) {
        oa= new OAuth(
                        "https://api.twitter.com/oauth/request_token",
                        "https://api.twitter.com/oauth/access_token",
                        twitterConsumerKey, twitterConsumerSecret,
                        "1.0", callback_url, "HMAC-SHA1");
        oa.getOAuthAccessToken(req.session.auth["twitter_oauth_token"],
                        req.session.auth["twitter_oauth_token_secret"],
                        req.query.oauth_verifier,
                        function(error, oauthAccessToken, oauthAccessTokenSecret, results) {
                        if(error) {
                        console.log("Error getting OAuth access token : " + sys.inspect(error) + "["+oauthAccessToken+"]"+ "["+oauthAccessTokenSecret+"]"+ "["+sys.inspect(results)+"]");
                        } else {
                        oa.get("https://api.twitter.com/1/statuses/home_timeline.json?include_entities=true",
                                oauthAccessToken,
                                oauthAccessTokenSecret, function(error, data) {
                                if(error) {
                                console.log("twitter screen name : " + util.inspect(error));
                                } else {
                                console.log(sys.inspect(data));
                                }
                                });
                        }
                        });
}

Answer 6 · 2012-02-18T11:00:02.000Z

Figured out the issue, the problem was the callback was not being passed to the twitter auth object and hence it didn't redirect a second time to fetch the access token. This can possibly be avoided with some more intelligible logs/examples and a better understanding of the OAuth auth process as well.

Answer 7 · 2012-02-18T11:40:53.000Z

Hmm, you should only need (once authenticated)

         oa.get("https://api.twitter.com/1/statuses/home_timeline.json?include_entities=true",
                            request.session.auth["twitter_oauth_token"] ,
                            request.session.auth["twitter_oauth_token_secret"], function(error, data) {
                            if(error) {
                            console.log("twitter screen name : " + util.inspect(error));
                            } else {
                            console.log(sys.inspect(data));
                            }
                            });

I believe ?

Answer 8 · 2012-02-18T14:34:18.000Z

Yeah, that's correct. Post correct authentication i need only the above.
However, because of the callback not being specified it was not redirecting and hence I used to only get the request tokens and not the access tokens. Thus I had to refetch the access tokens.