Last active
October 25, 2024 12:51
-
-
Save cmj/c45c46d9dd11fa2d4ba4de55c50598e6 to your computer and use it in GitHub Desktop.
Grab Twitter oauth token (no longer works)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # returns oauth token for twitter account. can be used with low-traffic, private nitter instance | |
| # key elements from https://unam.re/blog/developing-your-own-twitter-api | |
| import requests | |
| import json | |
| import re | |
| username="" | |
| password="" | |
| #email="" | |
| #proxies = {'http': 'http://127.0.0.1:8888', 'https': 'http://127.0.0.1:8888'} | |
| proxies = None | |
| #verify = "/tmp/mitm.crt" | |
| verify = True | |
| authorization_bearer = 'Bearer AAAAAAAAAAAAAAAAAAAAAFXzAwAAAAAAMHCxpeSDG1gLNLghVe8d74hl6k4%3DRUMF4xAQLsbeBhTSRrCiQpJtxoGWeyHrDb5te2jpGskWDFW82F' | |
| guest_token = requests.post("https://api.twitter.com/1.1/guest/activate.json", headers={'Authorization': authorization_bearer}).json()['guest_token'] | |
| url_flow_1 = "https://twitter.com/i/api/1.1/onboarding/task.json?flow_name=login" | |
| url_flow_2 = "https://twitter.com/i/api/1.1/onboarding/task.json" | |
| # flow 1 | |
| data = {'': ''} | |
| headers = { 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Referer': 'https://twitter.com/sw.js', 'X-Guest-Token': guest_token, 'Content-Type': 'application/json', 'Authorization': authorization_bearer } | |
| r = requests.post(url_flow_1, proxies=proxies, verify=verify, headers=headers, data=json.dumps(data)) | |
| att = r.headers.get('att') | |
| flow_token = json.loads(r.text)['flow_token'] | |
| # flow 2 | |
| data = {"flow_token": flow_token ,"subtask_inputs":[{"subtask_id":"LoginEnterUserIdentifierSSO","settings_list":{"setting_responses":[{"key":"user_identifier","response_data":{"text_data":{"result":username}}}],"link":"next_link"}}]} | |
| # include att | |
| headers = { 'att': att, 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Referer': 'https://twitter.com/sw.js', 'X-Guest-Token': guest_token, 'Content-Type': 'application/json', 'Authorization': authorization_bearer } | |
| r = requests.post(url_flow_2, proxies=proxies, verify=verify, headers=headers, data=json.dumps(data)) | |
| flow_token = json.loads(r.text)['flow_token'] | |
| # email check. haven't seen this needed yet | |
| if (json.loads(r.text)['subtasks'][0]['subtask_id'] == "LoginEnterAlternateIdentifierSubtask"): | |
| data = {"flow_token": flow_token, "subtask_inputs":[{"subtask_id":"LoginEnterAlternateIdentifierSubtask","enter_text":{"text": email,"link":"next_link"}}]} | |
| headers = { 'att': att, 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Referer': 'https://twitter.com/sw.js', 'X-Guest-Token': guest_token, 'Content-Type': 'application/json', 'Authorization': authorization_bearer } | |
| r = requests.post(url_flow_2, proxies=proxies, verify=verify, headers=headers, data=json.dumps(data)) | |
| flow_token = json.loads(r.text)['flow_token'] | |
| # flow 3 | |
| data = {"flow_token": flow_token ,"subtask_inputs":[{"subtask_id":"LoginEnterPassword","enter_password":{"password":password,"link":"next_link"}}]} | |
| r = requests.post(url_flow_2, proxies=proxies, verify=verify, headers=headers, data=json.dumps(data)) | |
| flow_token = json.loads(r.text)['flow_token'] | |
| #user_id = json.loads(r.text)['subtasks'][0]['check_logged_in_account']['user_id'] | |
| # flow 4 (final) | |
| data = {"flow_token":flow_token,"subtask_inputs":[{"subtask_id":"AccountDuplicationCheck","check_logged_in_account":{"link":"AccountDuplicationCheck_false"}}]} | |
| r = requests.post(url_flow_2, proxies=proxies, verify=verify, headers=headers, data=json.dumps(data)) | |
| token = json.loads(r.text)['subtasks'][0]['open_account']['oauth_token'] | |
| secret = json.loads(r.text)['subtasks'][0]['open_account']['oauth_token_secret'] | |
| account = {"oauth_token": token, "oauth_token_secret": secret} | |
| print(json.dumps(account)) |
@sajiljosephs Twitter removed the ability to retrieve oauth tokens sometime in August, so unfortunately this script (and others like it) won't work at all.
The only methods of getting Nitter to work are if you have old oauth tokens or using regular auth_token/csrf with a single account.
To use Nitter with a basic cookie header, try this fork: https://github.com/cmj/nitter/tree/cookie_header - (Install notes)
Further discussion: https://gist.github.com/cmj/998f59680e3549e7f181057074eccaa3?permalink_comment_id=5194111#gistcomment-5194111
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
python3 twitter_oauth.py
Traceback (most recent call last):
File "/home/user/twitter_oauth.py", line 54, in
token = json.loads(r.text)['subtasks'][0]['open_account']['oauth_token']
KeyError: 'subtasks'