bad authentication data error on twitter API - ruby-on-rails

I used to do the following to get user timelines:
https://api.twitter.com/1/statuses/user_timeline.json?screen_name=twitterapi&count=2
Now that I'm switching to Twitter API 1.1, I thought all I would have to do is this:
https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=twitterapi&count=2
but I'm getting the bad authentication data error from Twitter. I had no authentication setup previously with twitter, does API version 1.1 require authentication?
I guess I can use the Twitter gem, looks like it makes things pretty simple. But I just want to know whether I can use the above URL like I used to!

Take a read of this. Your initial assumption is correct, authentication is now required for all endpoints in v1.1. So to answer your question your request is correct you just need to pass an OAuth token or use application-only authentication.

Related

How to add additional custom criteria for authorization or token creation in Spring Oauth?

We have implemented Spring Oauth authorization+resource server that can be used for external applications.
Now we would like to add custom checks before some oauth calls returns in the authorization server, most importantly for the authorization code but also before allowing returning a token sometimes.
An example use case might be that which users that are allowed to login for a specific client_id might vary and if not allowed this should generate a redirect back with an error.
So for example a user might trigger a login from a third-party app, redirected to our authorization server and shown a login page, however after login it is discovered (through our business logic) that this specific user is not allowed to authorize access to that specific app/client id.
What is the best way to achive this result in a way that is consistent error handling in Spring oauth?
Also, a related question is also how to resolve the client details before the login screen shown so more specific client details can be shown when logging in?
We could parse the client_id parameter manually but maybe there is a more elegant way to hook into Spring oauth to solve this?
(sorry for dual question but its sort of related and the first question is the most important one)

Getting rid of code/state URI parameters when using OAuth2RestTemplate

I have built a simple Spring Boot application that acts as an OAuth 2.0 client using the #EnableOAuth2Client annotation. My application is creating an OAuth2RestTemplate and the OAuth dance succeeds nicely.
The problem is that when I access my application e.g. at http://localhost:8080/someRequest (where the method serving this resource uses the OAuth2RestTemplate#getObject method to retrieve some remote resources, I end up with sth. like http://localhost:8080/someRequest?code=ABC&state=DEF in my browser.
Is there a way to get rid of these parameters using some Spring configuration magic or do I have to do that myself? I saw that the sample Tonr application suffers from the same problem.
The issue is that you have to handle the callback url that u have registered with OAuth2 provider. when you transfer code and state parameter to the provider Server for access token and refresh token, the provider sends request back to ur callback URL with access token. In callback URL u now have to check if access token is available, you redirect to the original request(u need to save original request before OAuth2 dance).
I know this stuff theoretically, but didnot find Spring-Security-OAuth2 example for handling the callback URL.
I asked same question, but didnot get any answer.
OAuth2 Dance With Spring Security
However without using spring security, i found one link which shows handling callback url manually.It will help u in understanding the flow.
Google Handle callback URl
If u found any example of spring secrity handling callback url , Share with me.
I found this as an issue with spring security oAuth2. Check this JIRA Issue

How do I make the twitter search with the rest API?

when I write this
https://api.twitter.com/1.1/search/tweets.json?q=%23baseball&result_type=recent to search for #baseball but then I get a Bad Authentication data.
How do I add the Authentication to the request? I'm asking how do I make the request? Could someone give me an example of how it would look? If I have a Consumer Key and an Access Token?
The 1.1 API assures that all requests made to Twitter are made with some sort of authentication. To try out the API, use the API console here: https://apigee.com/console/twitter
To simply browse the request, use one of the auth methods in the console and pass in your request with GET https://api.twitter.com/1.1/search/tweets.json?q=baseball&result_type=recent

MVC4 Get user Tweets, alternative to v1 (deprecated)

Using MVC4, I would like to get the recent Tweets (3) of user's without having to request access from them, because that is a pain for the user. This is also because a user may be viewing another user and I would also like to display their Tweets.
This was fairly simple with Twitter API v1:
$.ajax({
url: 'https://api.twitter.com/1/statuses/user_timeline.json?count=3&screen_name=' + twitterUser,
...
});
..but its deprecated and will stop working in about two months from now.
I'm new to Oauth and have struggled to find any good material on how to get a user's Tweets, but I believe the process is a lot more complicated now with the Twitter API v1.1? Ideally, I'd like to achieve everthing in the front end, but think that I now need to do some authentication server side and will have to use MVC?
In order to get any user's Tweets, I was thinking that I could create a Twitter account for my application and use that to get anyone's Tweets, as long as they are not protected.
Does anyone know of any good libraries that I can use to achieve this, or is the out of the box MVC4 Oauth stuff alone enough to do the job?
Any suggestions of where to start, and especially examples would be greatly appreciated.
To use API 1.1, you have to have a Twitter account and a Twitter application and then use OAUTH to authenticate your rate limited requests using GET statuses/show/:id. The only alternative I know is RSS which both Twitter & Facebook have kiiled, briught back and threatened to kill again:
http://api.twitter.com/1/statuses/user_timeline.rss?screen_name={USERNAME}
I decided to use Linq2Twitter, as this makes use of the V1.1 API.
An MVCDemo example of Linq2Twitter stores the authorised credentials in a SessionStateCredentials object, but I can store the object in cache and persist the authorisation for all users, meaning they won't have to authorise anything. Provided that a user's Tweets aren't protected, the Tweet's for any user should be retrievable this way.

Make a request with an "consumer token" with oauth2

I'm using intridea/oauth2 for oauth2 functionality. Everything is working fine with authentication and making requests with an access token.
But what i can not find out is how to make a request without an access token. I thought it would simply work with
client = OAuth2::Client.new(key, secret, :site => site)
client.request(:post, "/api/users", {params: {param1: "val1"}})
but that does not seem to work. It is not setting any oauth header in the request.
How do i make a request like that?
Leave out oAuth completely then. Use simple Net::HTTP requests or use a library like REST Client for example.
It seems like the library isn't capable of something like that. So i now have two ways of authentication. You can find some information on this page: http://railscasts.com/episodes/352-securing-an-api?view=asciicast

Resources