Created
October 9, 2022 07:45
-
-
Save larrasket/8258039d52efb7958e7e5edad2f2fcd7 to your computer and use it in GitHub Desktop.
Simple twitter oath1 using browser pin, written in go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"fmt" | |
"github.com/dghubble/oauth1" | |
twauth "github.com/dghubble/oauth1/twitter" | |
"log" | |
) | |
const outOfBand = "oob" | |
var config oauth1.Config | |
func main() { | |
// read credentials from environment variables | |
consumerKey := "" | |
consumerSecret := "" | |
if consumerKey == "" || consumerSecret == "" { | |
log.Fatal("Required environment variable missing.") | |
} | |
config = oauth1.Config{ | |
ConsumerKey: consumerKey, | |
ConsumerSecret: consumerSecret, | |
CallbackURL: outOfBand, | |
Endpoint: twauth.AuthorizeEndpoint, | |
} | |
requestToken, err := login() | |
if err != nil { | |
log.Fatalf("Request Token Phase: %s", err.Error()) | |
} | |
accessToken, err := receivePIN(requestToken) | |
if err != nil { | |
log.Fatalf("Access Token Phase: %s", err.Error()) | |
} | |
fmt.Println("Consumer was granted an access token to act on behalf of a user.") | |
fmt.Printf("token: %s\nsecret: %s\n", accessToken.Token, accessToken.TokenSecret) | |
} | |
func login() (requestToken string, err error) { | |
requestToken, _, err = config.RequestToken() | |
if err != nil { | |
return "", err | |
} | |
authorizationURL, err := config.AuthorizationURL(requestToken) | |
if err != nil { | |
return "", err | |
} | |
fmt.Printf("Open this URL in your browser:\n%s\n", authorizationURL.String()) | |
return requestToken, err | |
} | |
func receivePIN(requestToken string) (*oauth1.Token, error) { | |
fmt.Printf("Paste your PIN here: ") | |
var verifier string | |
_, err := fmt.Scanf("%s", &verifier) | |
if err != nil { | |
return nil, err | |
} | |
// Twitter ignores the oauth_signature on the access token request. The user | |
// to which the request (temporary) token corresponds is already known on the | |
// server. The request for a request token earlier was validated signed by | |
// the consumer. Consumer applications can avoid keeping request token state | |
// between authorization granting and callback handling. | |
accessToken, accessSecret, err := config.AccessToken(requestToken, "secret does not matter", verifier) | |
if err != nil { | |
return nil, err | |
} | |
return oauth1.NewToken(accessToken, accessSecret), err | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment