Back
May 12, 2010

Twitter API, OAuth and decorators

In my current project I had a task to use twitter API. Twitter uses OAuth for authentication, which is pretty dreary. To avoid fiddling with it all the time, I've moved authentication to decorator, now it looks like this:

@twitter_api
def tweet_hello(request, api):
    api.update_status('hello')
# ...

Decorator checks if key is available, and, if needed - initiates authentication. User is redirected to twitter, grants permission and is redirected back to site, to the same place where he left off. If key is available - nothing happens, just view is launched as usual.

It's convenient that there's no need for additional twitter settings in user profile.

tweepy is used as an API wrapper.

def twitter_api(view):
    def wrapped(request, args, *kwargs):
        callback_url = absolute_url(oauth_endpoint)
        auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET, callback_url)

        if 'twitter_access_token' in request.session:
            key, secret =     request.session['twitter_access_token']
            auth.set_access_token(key, secret)
            return view(request, api=tweepy.API(auth), *args, **kwargs)

        request.session['twitter_action'] = request.path
        redirect_url = auth.get_authorization_url()
        request.session['twitter_request_token'] = (auth.request_token.key, auth.request_token.secret)
        return redirect(redirect_url)

    return wrapped


def oauth_endpoint(request):
    callback_url = absolute_url(oauth_endpoint)
    auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET, callback_url)
    key, secret = request.session.pop('twitter_request_token')
    auth.set_request_token(key, secret)
    verifier = request.REQUEST.get('oauth_verifier')
    auth.get_access_token(verifier)
    request.session['twitter_access_token'] = (auth.access_token.key, auth.access_token.secret)
    return redirect(request.session.pop('twitter_action'))
  • of course, you need to wrap everything in try..except blocks and process errors accordingly
  • absolute_url should return full url, with http://
  • apart from request.path you can also store POST and GET.
  • path can be passed as an argument to callback_url

Subscribe for the news and updates

More thoughts
Sep 26, 2023TechnologyBusiness
13 Web Development Innovations to Adopt in the Next Year

Web development has undergone significant changes over the past five years due to a combination of technological advancements and changing user needs. Let's look at the drivers of these changes and the key technologies that have played a decisive role.

Aug 18, 2022Technology
5 Best Practices of RESTful API Design to Keep Your Users Happy

Dive into our guide to RESTful API best practices

Aug 25, 2017Technology
How to Upload Files With Django

File upload works differently from simple form inputs, which can be somewhat troublesome for beginners. Here I'll show you how to handle uploads with ease.

May 22, 2017Technology
Web Application Security: 10 Best Practices

Protection of WEB App is of paramount importance and it should be afforded the same level of security as the intellectual rights or private property. I'm going to cover how to protect your web app.

Jan 10, 2017Technology
How To Use GraphQL with Angular 2 (with Example)

​In this article we will tell you about the basics of working with GraphQL in Angular 2 environment with detailed example.

Oct 11, 2010Technology
Testing authentication in Django

In order to check if user is authentcated in test, you can run: