Create a Twitter OAuth Application With Tweetr Using Single Access Token

What do you do when you want to use the Twitter API with your own account, and don’t need or want users to login via the PIN OAuth dance? You can use a single access token/secret in place of the authenticated token/secret and get all the access you need.

Note: the authenticated user in this scenario is you, the owner of the application.

For this example I’m using Tweetr, an AS3 library for accessing Twitter from your Flash or Flex application. Tweetr requires as3crypto. Details and downloads here:

Make sure you grab the proxy php and load that up on your server so you can have a service host. Run the install.php so it’s ready to go. This is a nice script providing caching so you get a little speed boost and don’t run over your Twitter API limit.

Ok, let’s get to it.

Create a Twitter Application, and make note of the Consumer key and secret on the settings page. Then on the right side of the profile click the button labeled “My Access Token”. Grab that Access Token and Access Token Secret. This is referred to as a “single access token”, “one access token”, or “single user access token”. Docs:

In your Flash application, implement Tweetr with OAuth. Import and other implementation details are omitted below.

var serviceHost : String = “http://your_twittr_proxy_php_setup”;

var tweetr:Tweetr = new Tweetr();
tweetr.serviceHost = serviceHost;       

oauth = new OAuth();
oauth.serviceHost = serviceHost;
oauth.consumerKey = “CONSUMER_KEY”;
oauth.consumerSecret = “CONSUMER_SECRET”;
oauth.oauthToken = “MY_ACCESS_TOKEN”;
oauth.oauthTokenSecret = “MY_ACCESS_TOKEN_SECRET”;
tweetr.oAuth = oauth; 

And then you need to…wait, sorry, that’s all there is. Start making calls to the API and listening for results.

tweetr.addEventListener(TweetEvent.COMPLETE, handleLoad);
tweetr.addEventListener(TweetEvent.FAILED, handleFail);
tweetr.getUserTimeLine(null, null, null, 0, 0);

var tweets:Array = [];
private function handleLoad(event:TweetEvent):void
for(var i:int = 0; i

< event.responseArray.length; i++)
var statusData:StatusData = event.responseArray

  // ... do something magical with the tweets

private function handleFail(event:TweetEvent):void
trace("Failed to get data");
// ... handle the disappointing failure…maybe a whale…just a thought

There are plenty of good tutorials out for using Tweetr, though beware of any too old. Twitter phased out basic authentication August 2010.

A couple I checked out:
Mark Doherty: Tweetr App Video Walkthrough
swfjunkie: PINless OAuth with Tweetr

I also want to note that it’s difficult to secure anything in a Flash application, and the key, token, and secrets are no exception. In this example they are right there in the code, unencrypted. SWFs are easily decompiled. If you dream up a solid security solution that doesn’t require a mountain of effort, please let me know.

Categories: FlashFlexAIRPermalink