Sample code for 30+ languages & platforms
Perl

Twitter OAuth1 Authorization (3-legged)

See more OAuth1 Examples

Demonstrates 3-legged OAuth1 authorization for Twitter.

This example is deprecated and no longer valid.

Chilkat Perl Downloads

Perl
use chilkat();

$success = 0;

$consumerKey = "TWITTER_CONSUMER_KEY";
$consumerSecret = "TWITTER_CONSUMER_SECRET";

$requestTokenUrl = "https://api.twitter.com/oauth/request_token";
$authorizeUrl = "https://api.twitter.com/oauth/authorize";
$accessTokenUrl = "https://api.twitter.com/oauth/access_token";

# The port number is picked at random. It's some unused port that won't likely conflict with anything else..
$callbackUrl = "http://localhost:3017/";
$callbackLocalPort = 3017;

# The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
$http = chilkat::CkHttp->new();

$http->put_OAuth1(1);
$http->put_OAuthConsumerKey($consumerKey);
$http->put_OAuthConsumerSecret($consumerSecret);

$req = chilkat::CkHttpRequest->new();
$req->AddParam("oauth_callback",$callbackUrl);

$req->put_HttpVerb("POST");
$req->put_ContentType("application/x-www-form-urlencoded");

$resp = chilkat::CkHttpResponse->new();
$success = $http->HttpReq($requestTokenUrl,$req,$resp);
if ($success == 0) {
    print $http->lastErrorText() . "\r\n";
    exit;
}

# If successful, the resp.BodyStr contains something like this:  
# oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
print $resp->bodyStr() . "\r\n";

if ($resp->get_StatusCode() != 200) {
    print "Failed response status code: " . $resp->get_StatusCode() . "\r\n";
    exit;
}

$hashTab = chilkat::CkHashtable->new();
$hashTab->AddQueryParams($resp->bodyStr());

$requestToken = $hashTab->lookupStr("oauth_token");
$requestTokenSecret = $hashTab->lookupStr("oauth_token_secret");
$http->put_OAuthTokenSecret($requestTokenSecret);

print "oauth_token = " . $requestToken . "\r\n";
print "oauth_token_secret = " . $requestTokenSecret . "\r\n";

# ---------------------------------------------------------------------------
# The next step is to form a URL to send to the authorizeUrl
# This is an HTTP GET that we load into a popup browser.
$sbUrlForBrowser = chilkat::CkStringBuilder->new();
$sbUrlForBrowser->Append($authorizeUrl);
$sbUrlForBrowser->Append("?oauth_token=");
$sbUrlForBrowser->Append($requestToken);
$url = $sbUrlForBrowser->getAsString();

# Launch the system's default browser navigated to the URL.
$oauth2 = chilkat::CkOAuth2->new();
$success = $oauth2->LaunchBrowser($url);
if ($success == 0) {
    print $oauth2->lastErrorText() . "\r\n";
    exit;
}

# When the url is loaded into a browser, the response from Twitter will redirect back to localhost:3017
# We'll need to start a socket that is listening on port 3017 for the callback from the browser.
$listenSock = chilkat::CkSocket->new();

$backLog = 5;
$success = $listenSock->BindAndListen($callbackLocalPort,$backLog);
if ($success == 0) {
    print $listenSock->lastErrorText() . "\r\n";
    exit;
}

# Wait for the browser's connection in a background thread.
# (We'll send load the URL into the browser following this..)
# Wait a max of 60 seconds before giving up.
$sock = chilkat::CkSocket->new();
$maxWaitMs = 60000;
# task is a Task
$task = $listenSock->AcceptNextAsync($maxWaitMs,$sock);
$task->Run();

# Wait for the listenSock's task to complete.
$success = $task->Wait($maxWaitMs);
if (!$success or ($task->get_StatusInt() != 7) or ($task->get_TaskSuccess() != 1)) {
    if (!$success) {
        # The task.LastErrorText applies to the Wait method call.
        print $task->lastErrorText() . "\r\n";
    }
    else {
        # The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        print $task->status() . "\r\n";
        print $task->resultErrorText() . "\r\n";
    }

    exit;
}

# If we get to this point, the connection from the browser arrived and was accepted.

# We no longer need the listen socket...
# Stop listening on port 3017.
$listenSock->Close(10);

# Read the start line of the request..
$startLine = $sock->receiveUntilMatch("\r\n");
if ($sock->get_LastMethodSuccess() == 0) {
    print $sock->lastErrorText() . "\r\n";
    exit;
}

# Read the request header.
$requestHeader = $sock->receiveUntilMatch("\r\n\r\n");
if ($sock->get_LastMethodSuccess() == 0) {
    print $sock->lastErrorText() . "\r\n";
    exit;
}

# The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
# Once the request header is received, we have all of it.
# We can now send our HTTP response.
$sbResponseHtml = chilkat::CkStringBuilder->new();
$sbResponseHtml->Append("<html><body><p>Chilkat thanks you!</b></body</html>");

$sbResponse = chilkat::CkStringBuilder->new();
$sbResponse->Append("HTTP/1.1 200 OK\r\n");
$sbResponse->Append("Content-Length: ");
$sbResponse->AppendInt($sbResponseHtml->get_Length());
$sbResponse->Append("\r\n");
$sbResponse->Append("Content-Type: text/html\r\n");
$sbResponse->Append("\r\n");
$sbResponse->AppendSb($sbResponseHtml);

$sock->SendString($sbResponse->getAsString());
$sock->Close(50);

# The information we need is in the startLine.
# For example, the startLine will look like this:
#  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
$sbStartLine = chilkat::CkStringBuilder->new();
$sbStartLine->Append($startLine);
$numReplacements = $sbStartLine->Replace("GET /?","");
$numReplacements = $sbStartLine->Replace(" HTTP/1.1","");
$sbStartLine->Trim();

# oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd
print "startline: " . $sbStartLine->getAsString() . "\r\n";

$hashTab->Clear();
$hashTab->AddQueryParams($sbStartLine->getAsString());

$requestToken = $hashTab->lookupStr("oauth_token");
$authVerifier = $hashTab->lookupStr("oauth_verifier");

# ------------------------------------------------------------------------------
# Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

$http->put_OAuthToken($requestToken);
$http->put_OAuthVerifier($authVerifier);

# We don't need the "Authorization: OAuth ..." header for this POST.
$http->put_OAuth1(0);
$req->RemoveParam("oauth_callback");
$req->AddParam("oauth_verifier",$authVerifier);
$req->AddParam("oauth_token",$requestToken);

$req->put_HttpVerb("POST");
$req->put_ContentType("application/x-www-form-urlencoded");

$success = $http->HttpReq($accessTokenUrl,$req,$resp);
if ($success == 0) {
    print $http->lastErrorText() . "\r\n";
    exit;
}

# Make sure a successful response was received.
if ($resp->get_StatusCode() != 200) {
    print $resp->statusLine() . "\r\n";
    print $resp->header() . "\r\n";
    print $resp->bodyStr() . "\r\n";
    exit;
}

# If successful, the resp.BodyStr contains something like this:
# oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&user_id=85612355&screen_name=chilkatsoft&x_auth_expires=0
print $resp->bodyStr() . "\r\n";

$hashTab->Clear();
$hashTab->AddQueryParams($resp->bodyStr());

$accessToken = $hashTab->lookupStr("oauth_token");
$accessTokenSecret = $hashTab->lookupStr("oauth_token_secret");
$userId = $hashTab->lookupStr("user_id");
$screenName = $hashTab->lookupStr("screen_name");

# The access token + secret is what should be saved and used for
# subsequent REST API calls.
print "Access Token = " . $accessToken . "\r\n";
print "Access Token Secret = " . $accessTokenSecret . "\r\n";
print "user_id = " . $userId . "\r\n";
print "screen_name  = " . $screenName . "\r\n";

# Save this access token for future calls.
# Just in case we need user_id and screen_name, save those also..
$json = chilkat::CkJsonObject->new();
$json->AppendString("oauth_token",$accessToken);
$json->AppendString("oauth_token_secret",$accessTokenSecret);
$json->AppendString("user_id",$userId);
$json->AppendString("screen_name",$screenName);

$fac = chilkat::CkFileAccess->new();
$fac->WriteEntireTextFile("qa_data/tokens/twitter.json",$json->emit(),"utf-8",0);

print "Success." . "\r\n";