As I mentioned earlier this week, with Foller.me beta 3, people now have the ability to follow tweeps directly from the website with a single click, without having to browse to their Twitter profile nor providing us with their Twitter credentials (thanks to OAuth. Read this post if you haven’t: The Importance of Using Twitter API via OAuth).
Now, why not take even more advantage of Twitter OAuth? As mentioned in the documentation and a few tweets by @netik (John Adams, Ops Engineer @ Twitter), due to the high growth of Twitter apps being developed every day, the source parameter in the statuses/update calls will no longer give you the desired result (attaching “via Your App Name” with a link to your website to the tweet). Calls with no source parameter come out as “via API”. Ones with unknown source parameters come out as “from web”. This doesn’t apply to already developped apps such as TweetDeck and Seesmic Desktop and they still use the source parameter via Basic Auth.
So how do I get my Twitter app name listed in the tweets?
And the answer is OAuth. Once you subscribe your app to the Applications Using Twitter page, those guys know about you. They know the name of your application and they know where to link if you post “via” your application. The key here is posting “via” your application. Well, the little “Tweet my profile” link at the bottom of a Foller.me profile (if you’re signed in) is fairly simple. We’ve got an authenticated (via OAuth) user and an OAuth request method:
$oauth->OAuthRequest('https://twitter.com/statuses/update.xml', array('status' => 'Test OAuth update. #testoauth'), 'POST');
That will post from the authenticated user via your application. Sweet isn’t it? But, you probably know our Foller.me Rundown feature, which tweets through the @fmrd account. It’s totally automated and uses Basic Auth to post. As I said above, Basic Auth will not give us the “from device” bit in your tweets, so we have to use OAuth. And this is actually what I am after.
There are a few request tokens and token secrets that travel between both servers (Twitter and the client) during OAuth authentication. In general OAuth usage, we store them into our user’s sessions on server. Now what if we store them into our database (or some other place) and when tweeting via @fmrd use THEM instead of starting a new Basic Auth session? This means that I somehow need to send myself (on a closed by .htaccess page or whatever) to the Twitter authentication page with a generated OAuth token, then, whenever Twitter redirects me back to my page, I need to copy the received “request token” and secret and write it down somewhere. I’ll have to dig deeper into OAuth for this, rather than just use a ready-to-go library that works with sessions. I’ll try this method out and write about it next week. It’d be cool if @fmrd could tweet “via Foller.me”.