Android & Twitter - OAuth Authentication Tutorial
I’ve seen a lot of questions about connecting Android apps with Twitter using OAuth and thought I would write up a walkthrough of how it can be done. The example will be done using Twitter4J which is a great library for connecting Java apps with Twitter and provides a simple interface to connect to the public Twitter Web Services.First thing you will need to do is to register your new app (even though you haven’t made it yet!). Do this by heading to https://dev.twitter.com/apps/new (you will need an existing Twitter account sign up). You should complete the form with the relevant details for your app:
You should fill in your details for the application such as name, description, URL – but the only key things to remember to do here are as follows:
1) Make sure you select “Browser” as your application type – even though we are creating an app, we will authenticate using the browser and a callback URL.
2) Tick read & write permissions
Once you have registered you will be provided with a “Consumer Key” and a “Consumer Secret” – make note of these for later – we will need to include these in the app.
Now let’s get started with the app! I will assume for this tutorial that you are familiar with the basics of Android apps so won’t go into details about how to setup the UI and what an Activity or Application is.
The first thing we will do is create an Activity that will prompt the user to login to Twitter and authorize the app to connect to Twitter to make updates. Let’s start with the onCreate method:
@Override public void onCreate(Bundle savedInstanceState) { System.setProperty("http.keepAlive", "false"); super.onCreate(savedInstanceState); setContentView(R.layout.main_oauth); //check for saved log in details.. checkForSavedLogin(); //set consumer and provider on teh Application service getConsumerProvider(); //Define login button and listener buttonLogin = (Button)findViewById(R.id.ButtonLogin); buttonLogin.setOnClickListener(new OnClickListener() { public void onClick(View v) { askOAuth(); } }); }
The first line we set the http keepAlive property – this is important so the app manages the connection correctly without reseting. The next important thing is our call to the checkForSavedLogin() method – this is a method that checks whether the user has previously authorised the app to access twitter, in which case we can just proceed as usual to the default twitter timeline activity (we will have a look at that method next). Otherwise we just initialise the Consumer/Provider and store them in our Application class so they are available to all Activities throughout the application. Then finally we inflate the button on the page and set a listener to call the askOAuth() method on click.
Now let’s jump in to the checkForSavedLogin() to see whats going on there:
private void checkForSavedLogin() { // Get Access Token and persist it AccessToken a = getAccessToken(); if (a==null) return; //if there are no credentials stored then return to usual activity // initialize Twitter4J twitter = new TwitterFactory().getInstance(); twitter.setOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET); twitter.setOAuthAccessToken(a); ((TwitterApplication)getApplication()).setTwitter(twitter); startFirstActivity(); finish(); }
This method calls a method getAccessToken() – all this does is check in the user SharedPreferences to see whether we have stored the users AccessToken previously – if there is no token found it just returns, so the user is left on the authentication activity waiting input.
However, if a token is found, then we initialise Twitter4J Twitter object and store that in our Application class (again, so we can use it throughout the application).
Finally we call startFirstActivity(), which simply calls the default Twitter timeline activity we have and finishes the authentication activity as it is not needed.
So that is all good, if the user has previously authenticated then no probs – however, if no saved token is found the user still needs to authenticate so we need to handle the user action (remember we are calling the askOAuth() method from within our button listener).
Let’s have a look at that method – this is where the authentication is all done:
private void askOAuth() { try { consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET); provider = new DefaultOAuthProvider("http://twitter.com/oauth/request_token", "http://twitter.com/oauth/access_token", "http://twitter.com/oauth/authorize"); String authUrl = provider.retrieveRequestToken(consumer, CALLBACK_URL); Toast.makeText(this, "Please authorize this app!", Toast.LENGTH_LONG).show(); setConsumerProvider(); startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(authUrl))); } catch (Exception e) { Toast.makeText(this, e.getMessage(), Toast.LENGTH_LONG).show(); } }
First thing we do here is to initialise the Consumer and Provider objects – we are using the Commons OAuth Consumer/Provider (so you need to make sure you copy the following JARs in to your /assets/ directory and then add them to your build path: “signpost-commonshttp” and “signpost-core”).
You will see that the consumer is initialised using to static Strings CONSUMER_KEY and CONSUMER_SECRET – these need to be set to be the key and secret Twitter provided when you registered the app – you should make sure you keep these secret and not reveal them to people.
The provider is then just initialised using the relevant URLs that Twitter provides to authenticate againse.
Next, we call the retrieveRequestToken() method on the provider object, this takes two arguments: the consumer, and the CALLBACK_URL (another static string) we will come back to what this is later.
We then call startActivity with a new Intent using the authenticate URL – this is what will forward the user to the Twitter authentication service for them to securely login and authorize the app to make updates for them.
So now, we have a simple authentication activity, that if the user has never logged on before will forward them on to the Twitter OAuth service – next we need to handle the response from Twitter and if a successful response received, then store the Access Token for future use. This is all done in the onResume() method:
@Override protected void onResume() { super.onResume(); if (this.getIntent()!=null && this.getIntent().getData()!=null){ Uri uri = this.getIntent().getData(); if (uri != null && uri.toString().startsWith(CALLBACK_URL)) { String verifier = uri.getQueryParameter(oauth.signpost.OAuth.OAUTH_VERIFIER); try { // this will populate token and token_secret in consumer provider.retrieveAccessToken(consumer, verifier); // Get Access Token and persist it AccessToken a = new AccessToken(consumer.getToken(), consumer.getTokenSecret()); storeAccessToken(a); // initialize Twitter4J twitter = new TwitterFactory().getInstance(); twitter.setOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET); twitter.setOAuthAccessToken(a); ((TwitterApplication)getApplication()).setTwitter(twitter); //Log.e("Login", "Twitter Initialised"); startFirstActivity(); } catch (Exception e) { //Log.e(APP, e.getMessage()); e.printStackTrace(); Toast.makeText(this, e.getMessage(), Toast.LENGTH_LONG).show(); } } } }
First thing, the method checks that the intent that has called the onResume is the expected intent, and then pulls out the verifying string from the callback URI – it then uses this string to retrieve the access token. Once we have called the retrieveAccessToken() method, we can initialise an AccessToken and store it. Next we initialise the Twitter4J object with the CONSUMER_KEY and SECRET again and then set the Access Token – once this has all been setup we just start the first activity as normal.
Once the user has authenticated they will be forwarded to the their friends timeline!
Now, the only thing remaining, is that we need to tell the app that once Twitter has finished authenticating that it needs to return to our Authentication Activity to call the above onResume method, or else it won’t be able to continue. To do this, Twitter will attempt to use the CALLBACK_URL we saw earlier. If you remember, when we requested the token from Twitter we passed in the CALLBACK_URL. I have previously defined this as follows:
private String CALLBACK_URL = "callback://tweeter";
The name of the callback is up to you (I have named it “tweeter”), what is important is that this matches the callback you define in your Manifest XML. For the welcome activity (our Authentication activity) it needs to be defined as follows:
As you can see, we have defined an intent-filter with a scheme called “callback” and we provide the host name as “tweeter” – matching that used to call the Twitter service.
And thats it! The user has been authenticated and returned to our application correctly, so it can now continue to read timelines, post tweets, retweet, etc.
The complete source code of the application is available here (NOW ON GITHUB!), please note that I have removed my own CONSUMER_KEY/SECRET details, so to make this work you will need to register your app and populate with your own details to see it work in your emulator/device.
71 comments: