Using MVC4, I would like to get the recent Tweets (3) of user's without having to request access from them, because that is a pain for the user. This is also because a user may be viewing another user and I would also like to display their Tweets.
This was fairly simple with Twitter API v1:
$.ajax({
url: 'https://api.twitter.com/1/statuses/user_timeline.json?count=3&screen_name=' + twitterUser,
...
});
..but its deprecated and will stop working in about two months from now.
I'm new to Oauth and have struggled to find any good material on how to get a user's Tweets, but I believe the process is a lot more complicated now with the Twitter API v1.1? Ideally, I'd like to achieve everthing in the front end, but think that I now need to do some authentication server side and will have to use MVC?
In order to get any user's Tweets, I was thinking that I could create a Twitter account for my application and use that to get anyone's Tweets, as long as they are not protected.
Does anyone know of any good libraries that I can use to achieve this, or is the out of the box MVC4 Oauth stuff alone enough to do the job?
Any suggestions of where to start, and especially examples would be greatly appreciated.
To use API 1.1, you have to have a Twitter account and a Twitter application and then use OAUTH to authenticate your rate limited requests using GET statuses/show/:id. The only alternative I know is RSS which both Twitter & Facebook have kiiled, briught back and threatened to kill again:
http://api.twitter.com/1/statuses/user_timeline.rss?screen_name={USERNAME}
I decided to use Linq2Twitter, as this makes use of the V1.1 API.
An MVCDemo example of Linq2Twitter stores the authorised credentials in a SessionStateCredentials object, but I can store the object in cache and persist the authorisation for all users, meaning they won't have to authorise anything. Provided that a user's Tweets aren't protected, the Tweet's for any user should be retrievable this way.
Related
I'm having trouble understanding OAuth2 conceptually. I've read about the whole handshake process a hundred times. I can login to my app using a google account, but once that's done, I need to access Google's API (read data from a Google Spreadsheet on that same account that I logged into, and whom I included spreadsheets in the :scope as per the strategy readme).
Currently, I'm using Omniauth and the omniauth-google-oauth2 strategy; this works great; it pulls up Google's authentication/login screen, and when I get back to my callback link, I'm storing [omniauth][credentials][token].
What is the best way to then use that token to do API work with Google Docs?
Is this the right approach?
I think of Oauth2 as a "way to get the user's password to confirm their existence on my site".
So instead of your User model having a password column, in essence, it uses Google to say "this guy is cool".
Now, what does that have to do with API calls, you wonder... me too.
If I recall, there is a Refresh token that lasts for more than the 20 ms of authetication and will allow you to access their Google Docs, if Google's api allows you to do that.
Having said all that, If google needs their token, plus your API token to access their spreadsheet, I'd stick it into the session.
But if their API said to stick spreadsheet in the scope, then it must say something about how to use it all together too, no?
More Edits
Google Spreadsheets Oauth 2.0 authentication piece is here, with a flow. Notice the part about refresh tokens. I'd look into that.
It says to store it somewhere, which I'd choose the session, or if you are totally paranoid a db column somewhere, but not sure if that is right either. Just spitballing here.
Final Edit
Turns out even the people helping out the Oauth 2.0 don't agree/get it conceptually either.
You may be able to find a gem that wraps the Google API to simplify your tasks.
Here's one that works with Google Drive and spreadsheets.
The google-drive-ruby gem that #Galen mentions seems to work nicely with the google-oauth-2 provider:
Guessing you're already storing the token in the session in your callback handler, e.g.
auth = request.env["omniauth.auth"]
session[:token] = auth["credentials"]["token"]
then you can use it to build a session and access the sheet:
require 'googleauth'
session = GoogleDrive::Session.from_access_token(token)
worksheet = session.spreadsheet_by_key(spreadsheet_id).worksheet_by_title(worksheet_name)
...etc
Hope this helps.
Basically what I'd like to do is request a users public timeline (including retweets) without having to use authentication, but with rate limiting applied to my application and not the IP.
I want to run this request (for several different screen names):
http://api.twitter.com/1/statuses/user_timeline.json?screen_name=stephenfry&include_rts=1&trim_user=1
against the API, but I'm behind a proxy/firewall that basically causes thousands of users to share the same IP which means that my ip is almost always rate limited. Is it possible to insert my API key into the request somehow (header, part of the query string) and have rate limiting on it and not the ip?
I really don't want to go through the full OAuth authentication mechanism for each user as this would require their interaction and I only wish to read their public feed.
I have implemented local caching for the tweets so it will at most make 4 requests per hour/username, but this does me little good when the ip is rate limited from the start.
Can this be done and if so how would I do it?
Edit: I should add that using the Search API is not possible as it will not return any tweets for some of the users (tweets are too old).
There is no form of application-only identity on the Twitter API. To make an authenticated request, you must have a user context. If your integration is purely server-side, you could utilize a single access token representing your own account and make signed, authenticated requests that way. I would not recommend any kind of hard coded tokens in a client-side or distributed environment. You may want to take a look at what's possible using the Streaming API and it's follow filter -- allowing you to stream public tweets by specific users in real time.
I am building an api for others to use. This is a simple enough Json request the user passes as some data and we pass some back.
What I would love is to secure our api and have some sort of user system where we can turn users on and off and we can log how many requests each user makes.
What would be the best way to do this in Rails? I don't want it to slow down the request. I can see ways of doing it using devise maybe but would be great to hear other people's opinions.
Thanks
Another way is to use 3scale (http://www.3scale.net) - it's free up to a traffic cap but handles all the key management, users, documentation etc. and there's a ruby library which you can drop into your code if you're using rails. (other libs are here: https://support.3scale.net/libraries).
I've done this before using the Token Authentication capabilities of devise (see https://github.com/plataformatec/devise ).
I found the following setup works:
Create a user account for each api user.
Configure devise for token authentication
Set the Token Authentication configuration to require the token to be submitted with each request.
This will allow you to enable and disable individual users as well as to track every request back to the api user that made the call.
If you're really interested in tracking usage you may want to consider also creating a database table where you track all api requests. This can be setup to belong_to the users table so that you easily find all requests from different users (e.g., #user.api_requests).
The count of all requests made by a user would be:
#user.api_requests.count
# or use a where clause to find how many of each type
#user.api_requests.where("api_request_type = ?", 'SomeAPICallType').count
One final note -- I recently used the Grape library for building out an API. I thought it was pretty well done and it worked great for our needs. I especially like the ability it provided to version APIs. Details are here: https://github.com/intridea/grape/wiki
I am trying to write a code in ruby on rails that would go into facebook and pull out data to populate my database based on key words that I manually add inside the code. Anyone has done something similar or can help me with it by pointing me towards the right direction? Also I need the code to stay "alive" after the first run in order to update my site automatically. I've looked for a fb API but i couldn't find anything.
Thanks,
Crematorio
The Facebook Graph API is what you would use to pull out data, typically the feed. As for Ruby on Rails, many ways to interact with the FB Graph, but I think the Koala gem is your ticket: https://github.com/arsduo/koala
You would need to set up an application at the FB Developers site, then pass the ID/secret to authenticate via Oauth. I use the following to pull wall feed, this little bit might get you started...
oauth = Koala::Facebook::OAuth.new('app ID here', 'app secret here', 'website/project url')
graph = Koala::Facebook::GraphAPI.new(oauth.get_app_access_token)
feed = graph.get_connections("facebook username here", "feed")
#facebook_feed = ActiveSupport::JSON.decode(feed.to_json)
Adapt this however you like, what I would probably do is a rake task that checks the results of #facebook_feed and processes them based on criteria, keywords, etc.
I am trying to implement two pieces of functionality to my ASP.NET MVC 3 applications.
I would like the ability for the user to use Twitter to authenticate on my web site. I would also like to be able to store the users name and email in my database upon successful login.
I would like to post to the users twitter feed once a certain event occurs.
Are there any open source libraries that can handle both tasks out there?
Thanks
To enable logging in with Twitter credentials on your site, use the Sign in with Twitter flow. If the user is already authenticated, it's a one click operation. The doc I linked has a flowchart and description of the process, and this answer has a bit more detail.
Once your user has signed in via Twitter, you can easily get the user's screen_name, however there is no facility to obtain the user's email from Twitter.
On the Twitter framework front, I recommend Twitterizer. I like the consistency and ease-of-use of the framework, and coverage of- and parity with- the Twitter APIs. I've personally used it on multiple implementations, and have had no issues that tied back directly to the library.
In order to use Sign in with Twitter, you'll need to use the BuildAuthorizationUri(string requestToken, bool authenticate) method overload of the OAuthUtility class, passing true as the second parameter.
Also, Ricky Smith (the Twitterizer lead dev) is active on SO, and anything tagged with twitterizer seems to get pretty prompt attention (meaning I can't answer them faster than Ricky can. ;)
Finally, posting a status to a user's timeline is pretty trivial with Twitterizer once the OAuth tokens have been obtained (simplified example from the Twitterizer site follows):
var tokens = new OAuthTokens();
tokens.AccessToken = "XXX";
tokens.AccessTokenSecret = "XXX";
tokens.ConsumerKey = "XXX";
tokens.ConsumerSecret = "XXX";
TwitterResponse<TwitterStatus> tweetResponse = TwitterStatus.Update(tokens, "Hello, #Twitterizer");
I would think that either of the following would be able to handle both your tasks:
TweetSharp
RestSharp
Also consider...
Twitterizer
or
TwitterVB