How to use and retain Twitter4J OAuth access token

IĀ  was stuck in a problem that how to re use access token, once user has authenticated by Twitter (on call back URL). I got it working. There was problem in my understanding about request token vs access token. When user first time comes on call backed URL. I take request token and token secret from session and prepare the access token. Here the place where I was confused.

Now if user presses the refresh button or you want to get user information again from twitter any where in your application. You need to use the access token and this method twitter.setOAuthAccessToken(String1, String2). Because user has already been authenticated by Twitter. You can save this information in session.

HttpSession session = request.getSession();

twitter.setOAuthConsumer(Constants.CONSUMER_KEY,Constants.CONSUMER_SECRET);

if (session.getAttribute("aToken") == null){
	// request token
	String token = (String) session.getAttribute("token");
	String tokenSecret = (String)session.getAttribute("tokenSecret");
	AccessToken accessToken =
		twitter.getOAuthAccessToken(token, tokenSecret);
	twitter.setOAuthAccessToken(accessToken);

	// save the access token, that are different from request token
	session.setAttribute("aToken", accessToken.getToken());
	session.setAttribute("aTokenSecret", accessToken.getTokenSecret());

}else{
	// use the access token to authenticate user whenever you want
	twitter.setOAuthAccessToken((String)session.getAttribute("aToken"),
		(String)session.getAttribute("aTokenSecret"));
}
User user = twitter.verifyCredentials();

If you are also developing some app by using Twitter4J API on Google App Engine. Please give feedback on it.

Twitter4J Quick Tutorial: A quick tutorial on how to develop Twitter app by using Twitter4J on Google App Engine.

You May Also Like

7 Comments

  1. Hi Jeune;

    You this post was very helpful to me to understand all this concept.
    http://jeungun.wordpress.com/2009/09/03/quick-and-dirty-twitter4j-oauth-for-web-apps/

    So to save these access tokens, I have to use cookies. I will get username from cookie, will fetch access tokens from database and user will in.

    This is what I am thinking if I save access tokens in DB. What you think about this technique, or you have any other idea.

    Thanks for blogging on OAuth.

  2. Hi there!

    I haven’t tried the technique you’re saying and I think it’s hard.

    What I did was to get the token and token secret from the access token and associate it with a user. Then, I save it to the database.

    When I need the access token again because, say, the user needs to access his Twitter account via my app, I just get the token and tokensecret associated with the user and reconstruct the access token again.

    If I am not mistaken you can do it by

    AccessToken accessToken = new AccessToken(token, tokenSecret);

    That will give you the access token that you got initially.

    I don’t know though if this will work. It’s been a while since I used Twitter4J and judging from the emails in the discussion groups so much has changed since then.

    Try verifying via the documentation.

    Goodluck! šŸ˜€

  3. Jeune,

    When you say “Also, you should persist the access token so that you can use it again in the future.”

    You mean like store it in database. I have usecase like twitterfeed. twitterfeed takes twitter username and password only once. But after it works by itself. You mean here twitterfeed is sotring some info in database.

  4. Shyam;

    Yes, the access token need to save in database. And I also have the same question. If user came again so we use cookies to get his username and will lookup in database for access token and land it home page.

    So I think cookie need to be involved.

  5. Thank you very much, this save my day =)
    I spent all day trying to use the tokens stored .. I did mess with the request token and access token. Now I can relax a little šŸ˜‰

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.