SuperTweet: Twitter without the OAuth hassle
- 21 October, 2011 09:34
In 2008 (just as the U.S. economy began circling the drain) here in Gearhead I wrote about updating Twitter with cURL, a free, open source, command line utility that allows you to transfer data with URL syntax using, and I quote, "DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP [along with] SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, [user name and password] authentication (Basic, Digest, NTLM, Negotiate, Kerberos ...), file transfer resume, proxy tunneling and a busload of other useful tricks."
In short, cURL is a Swiss Army knife on steroids for data transfers over TCP/IP and is available for just about any OS you can think of, which includes the usual suspects -- OS X, Windows, Linux -- as well as many others including Amiga, Syllable, VMS and z/OS.
So, way back in those heady days when we were all slowly but certainly losing our shirts, you could post a tweet using a command in the form of:
curl -u username:password -d status="I had a chicken sandwich for lunch" http://twitter.com/statuses/update.xml
This method, using basic authentication, worked great and it was easy to arrange, for example, for your machines to use Twitter as a messaging system to let you know when they had problems or completed something. But on Aug. 30, 2010, Twitter stopped allowing access via basic authentication and switched to another method called OAuth or "Open Authentication."
BACKGROUND: Twitter API has new third-party sign-on method
Wikipedia explains that "OAuth allows users to hand out tokens instead of credentials to their data hosted by a given service provider. Each token grants access to a specific site ... for specific resources ... and for a defined duration. ... This allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data."
The concept of separating and limiting access to a service for specific applications by separating that from the user's login is a powerful one. For example, it makes revocation of access for a single application very simple so in the case of Twitter, with so many third-party applications providing alternative ways to access the service, switching to OAuth made a lot of sense.
The only problem with Twitter's switch was that all of the simple ways to update Twitter such as using cURL stopped working once Aug. 30 rolled around. Worse still, getting the likes of cURL to use OAuth turns out to be a real bear. Luckily, there is a service called SuperTweet, which acts as a proxy for applications so they can still access Twitter via basic authentication.
To use SuperTweet you simply sign into Twitter using SuperTweet and authorize the service to have access (the only thing SuperTweet won't be able to do is access your Twitter password). You then provide SuperTweet with some simple details about your application including an email address and the application name and you're good to go ... or rather, good to tweet.
Now SuperTweet can transparently handle OAuth for you and, using the SuperTweet interface instead of Twitter's, you can do most of the things you used to be able to do. Thus, using cURL:
curl -u username:password -d status="I had a chicken sandwich for lunch" http://api.supertweet.net/1/statuses/update.xml
If you are going to be performing a large volume of Twitter transactions you should download the SuperTweet proxy (which is written in Java) and run it on your own server.
SuperTweet is a brilliant idea that works great and solves an otherwise irritating problem brilliantly! I award SuperTweet a Gearhead rating of 5 out of 5!
@quistuipater tweets in Ventura, Calif. Twitter away to email@example.com.
Read more about wide area network in Network World's Wide Area Network section.