First lets get an oauth_access_token. For OAuth 2 the oauth_access_tokens are short lived and will usually only be valid for a couple of hours. Visit http://abrah.am (or any other @Anywhere enabled site) click on the "Follow @abraham on Twitter" button. This will create a popup where you will log into twitter.com and connect with the @Anywhere application.
|@Anywhere authentication window
*Note that the oauth_access_token can be used by itself to act as your Twitter credentials so don't go slinging it around the internet.
Now you have the oauth_access_token what to do with it? Make HTTP request to api.twitter.com over SSL.
What about POSTs? Yep those work too.
Now lets have a look at a method of getting the oauth_access_token that is similar the standard OAuth flow. Redirect a user to https://oauth.twitter.com/2/authorize with three paramaters:
- oauth_callback_url=http://abrah.am/ - The domain and subdomain must be registered with the Twitter
- oauth_mode=flow_web_client - Twitter should observe a browser redirect flow
- oauth_client_identifier=9QR94sYuXI3j6XkYrr1Ybw - The application's @Anywhere API key
Once the user connects their account with they application they are returned to the oauth_callback_url with an oauth_access_token in the url fragment.
The fragment also contains an oauth_bridge_code which can be used to exchange the temporary 2.0 oauth_access_token for a long lasting 1.0 oauth_token. Subscribe to the RSS feed to get notified when that post is published.
Update: Checkout the post on using Twitter Anywhere bridge codes.
Keep in mind that:
- OAuth 2 access tokens are short lived
- OAuth 2 access tokens are all that is needed to read and write your accounts Twitter data
- Anywhere was launched several months ago and the OAuth 2 spec has evolved a lot since then
- This is an internal authentication method and likely to change in the future
Let me know what you think of OAuth 2 in the comments.