Django Register with OAuth – Twitter

Before we begin, read the overview / disclaimer. Now for Twitter…

For this tutorial you’ll need to install Tweepy.

First off, ensure that you have registered your application with Twitter and have created the following in your settings file:

1) Create the redirect URL

The first step in the OAuth handshake is to redirect to Twitter with the OAuth token (generated when the request token is fetched below):

2) Redirect to provider’s site

This url can now be used to redirect to Twitter (i.e. HttpResponseRedirect(url)):

3) Handle the response (approved or denied)

Once the user makes their choice to approve or deny, Twitter will redirect back to your redirect_url. You will need to verify the user approved the application:

If any of the above tests fail, we can safely assume the user either arrived at this page directly (i.e. by typing in the URL) or they denied the application. Either way we don’t want to proceed and should redirect them to the start of the registration flow (i.e. HttpResponseRedirect(reverse('register'))).
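One way to write the step 3 checks is sketched below; this is an added example, not the code from the original post. It assumes the request token from step 1 was saved in the session as a dict under the hypothetical key `twitter_request_token`, and it relies on Twitter's OAuth 1.0a callback carrying `oauth_token` and `oauth_verifier` on approval or `denied` on refusal.

```python
import hmac

# Hypothetical session key; the key name used by the original post is not shown.
SESSION_KEY = "twitter_request_token"


def check_callback(query, session):
    """Validate an OAuth 1.0a callback.

    query   -- callback query parameters (e.g. Django's request.GET)
    session -- dict-like session holding the request token saved in step 1
    Returns (True, request_token) on approval, otherwise (False, reason).
    """
    # Pop rather than get: the request token is single-use, so a replayed
    # or bookmarked callback URL finds nothing pending.
    saved = session.pop(SESSION_KEY, None)

    # Twitter sends ?denied=<request token> when the user cancels.
    if "denied" in query:
        return False, "denied"

    if not saved:
        # No handshake in progress: the user arrived here directly.
        return False, "no-pending-request"

    token = query.get("oauth_token", "")
    verifier = query.get("oauth_verifier", "")
    if not token or not verifier:
        return False, "missing-params"

    # The returned token must be the one issued to this browser session;
    # otherwise another account's approval could be attached to this session.
    expected = saved.get("oauth_token", "")
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "token-mismatch"

    return True, saved


if __name__ == "__main__":
    # Constructed sample values, not real tokens.
    session = {SESSION_KEY: {"oauth_token": "tokA", "oauth_token_secret": "secA"}}
    print(check_callback({"oauth_token": "tokA", "oauth_verifier": "v1"}, session))
    print(check_callback({"oauth_token": "tokA", "oauth_verifier": "v1"}, session))
```

Any `(False, reason)` result maps to the redirect back to the start of the registration flow described above; the reason string is useful for logging.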

4 & 5) Get an access token and the user’s profile

At this point the user has authorized your application but you don’t have actual access to their data yet. To get that you’ll need to request an access token. Notice that we’re saving the access token to the user’s session as we don’t want to request it more than once during the registration flow.

Once you have the access token, you can then make the request for the user’s profile data:

One thing to notice is that a custom parser is being used to get the raw json data coming from Twitter. Here’s what that parser looks like:

That’s it! You can now use the user’s profile information to pre-fill a registration form, perhaps skipping over fields where you already have a required value such as an email address or first and last name. Just be sure to save their Twitter ID along with their profile so you can use it to validate them in the future. You should also save the access token key and secret so that you can make future requests to the API for this user. Note that Twitter does not currently expire access tokens like other providers.

In a future post I’ll be looking at how to detect an already registered user as well as provide a login with this provider button.
