kentonv
commented
7 years ago The docs you link appear to be OAuth1, which required that the Authorization header contain a signature generated by a convoluted mechanism. Under OAuth2, the Authorization header is just Authorization: Bearer <token>. In the latter case -- assuming Twitter supports OAuth2 -- you should be able to get access to the API through the Powerbox today by punching in https://api.twitter.com#<token> as the custom URL in the powerbox UI. You will need to obtain an access token manually, which usually involves POSTing to some endpoint and providing your client key, client secret, etc.
Of course, we don't really want users to copy/paste, much less manually obtain access tokens; we'd rather provide a nice UI. I think the right answer here is to add Twitter as another authentication provider. The Sandstorm server admin would need to obtain a client key and secret, but individual users would not. We may want to implement the identities/credentials/personas refactor before we add any more identity providers, though...
ocdtrekkie
zenhack
I had been hoping that the recent powerbox improvements would allow me to write an app that posts tweets through
https://api.twitter.com. My working assumption was that Twitter would let me generate a token from its UI and that I would be able to directly use that token in aBasicorBearerauthorization header on a request to the/statuses/updateendpoint.The situation turns out to not be quite so simple. Twitter's "application only" authorization works more or less as I was hoping, but it only allows access to a restricted subset of Twitter's API, and in particular does not allow tweets to be posted.
Twitter's main authorization scheme is more complicated. (See https://dev.twitter.com/oauth/overview/authorizing-requests and https://dev.twitter.com/oauth/overview/single-user.) Based on my current understanding of it, I can roughly imagine two ways that it might work with Sandstorm.
The user generates their own Twitter "application" through https://apps.twitter.com/ and then generates an "access token" through the UI there. When the Sandstorm grain makes a powerbox request for
https://api.twitter.com, there is a configuration step where the user enters the "Consumer Key", the "Consumer Secret", the "Access Token", and the "Access Token Secret" from their "application". Sandstorm stores these values (encrypted) and uses them to fill out theAuthorizationheader for each request.The Sandstorm server itself is a Twitter "application", similar to how it is a Github application when Github Oauth is configured. In fact, we could make Twitter an identity provider. However, this Twitter "application" will need to be allowed to do more than just read profile information -- we want it to be able to post tweets. Once this is configured, the powerbox request flow should consist of a few easy clicks, rather than the cumbersome copy-pasting in approach (1). Moreover, the user does not need to be instructed about how to configure their own Twitter "application". A downside is that this approach will probably require a lot more work on our end, to get all of the Oauth integration working smoothly.
If I end up pushing forward on my Twitterbot Sandstorm app, I think I'll start with trying approach (1).