An improved OAuth 1.0a experience

Friday, 4 November 2011

Ask a developer what the most complicated part of working with the Twitter API is, and there’s a very good chance that they’ll say OAuth. Anyone who has ever written code to calculate a request signature understands that there are several precise steps, each of which must be executed perfectly, in order to come up with the correct value.

One of the points of our “acting on your feedback” post was that we were looking for ways to improve the OAuth experience. Today, I’m happy to be able to announce that two efforts to make things easier for you have been pushed to dev.twitter.com.

The first is an OAuth tool which will calculate valid authorization headers using your own consumer keys and secrets. This is integrated into the REST API documentation, as you can see in this screenshot of the GET statuses/home_timeline page:

Screenshot of the signing tool on a documentation page

Clicking the “Generate OAuth signature” button in the documentation sidebar will gather the sample request URL and parameters from the current page, and generate an OAuth authorization header using credentials from one of your apps:

An example of a generated signature from the OAuth tool

In addition to the header, you will also see the signature base string used for the request (which can be compared to the output of your own signing code to identify inconsistencies) as well as a formatted cURL command which you may copy and paste to a command line to verify the API call with your own account. We expect that this additional data will make accessing and testing OAuth-protected endpoints much easier.

The second set of improvements involves a greatly expanded set of documentation around OAuth and Sign in with Twitter. From a high-level view of authorizing a request, to creating an OAuth signature and obtaining access tokens with Sign in with Twitter, the documentation pages now offer a complete end-to-end path to learn about Twitter’s OAuth implementation.

Screenshot of the navigation dropdown of the new OAuth documentation pages

By putting these additional tools and documentation in your hands, we hope to smooth your Twitter development experience. Questions like “how do I specifically encode this parameter?” and “what is the correct order of parameters in this base string?” are now much more easily answered. And we will continue to roll out updates, so please let us know in this discussion thread if you have any requests for tools or documentation which will make your life easier.