Post To Twitter on Behalf of Another User using Node.js, express, twit, and passport-twitter

Question

Using the Twitter API, I'm trying to post a tweet on behalf of a Twitter user.

I'm using node and the passport-twitter and twit modules.

Some resources:

• I followed this video tutorial NodeJS and ExpressJS: Using Twitter authentication via Passport .
• Sourcecode for the tutorial here .
• Passport-twitter documentation
• twit documentation

I successfully authenticated with passport-twitter following the tutorial above.

I also successfully posted using twit on my twitter developer account.

However, I'm having trouble combining these two things; trying to post to twitter on behalf of another user . For that, I need to get the user's access token and access token secret. Then, I need to make a post request to the Twitter API with that information.

I'm not sure where to put the post request in the passport-twitter code. I tried putting it in the second route which is the URL to which Twitter redirects the user after they have signed in.

   app.get('/twitter/login', passport.authenticate('twitter'))

   app.get('/twitter/return', passport.authenticate('twitter', {
       failureRedirect: '/'
   }), function(req, res) {
     //Post using twit
     //grab access token and access token secret from the request query
       const access_token = req.query.oauth_token;
       const access_token_secret = req.query.oauth_verifier;

       //set the configurations with the access token and access token secret that we just got
       const config = {
         consumer_key:         <consumer key here>,
         consumer_secret:      <consumer secret here>,
         access_token, 
         access_token_secret,
         timeout_ms:           60*1000,  
         strictSSL:            true
       }

       //pass in the configurations
       var T = new Twit(config);

       //post
       T.post('statuses/update', { status: 'hello world!' }, function(err, data, response) {
         if (err)console.log("oops, didn't tweet: ", err.message);
       })

       res.redirect('/');
   })

But I got an error: Invalid or expired token.

I expected it to work because the authentication worked.

This is my first time using OAuth so perhaps I misunderstand how this all works.

Where am I supposed to put the post request?

UPDATE:

I tried posting to my dev account, using my dev account's access token and secret. It worked. Which lead me to believe there is something wrong with the access token and secret for the user.

I think I know partially what's going.

I assumed that the property oauth_verifier found in the request query object was the access token secret.

const access_token_secret = req.query.oauth_verifier;

But now I don't think oauth_verifier is the same as the access token secret. oauth_verifier has less characters than my dev account's access token secret. So it seems that the datatypes are different.

But now I'm trying to figure out where the access token secret is? There are only two properties in the request query object ( req.query );

• oauth_token

• oauth_verifier

Where's the access token secret for the user?

Answer 1

I solved my issue. It was in the documentation for passport-twitter all along. Man, I spent days on this issue.

The strategy also requires a verify callback, which receives the access token and corresponding secret as arguments, as well as profile which contains the authenticated user's Twitter profile.

- from passport-twitter readMe

In the example in the docs , you can see token and tokenSecret in the params.

passport.use(new TwitterStrategy({
  consumerKey: TWITTER_CONSUMER_KEY,
  consumerSecret: TWITTER_CONSUMER_SECRET,
  callbackURL: "http://127.0.0.1:3000/auth/twitter/callback"
  },
  function(token, tokenSecret, profile, cb) {
    User.findOrCreate({ twitterId: profile.id }, function (err, user) {
      return cb(err, user);
    });
  }
));

I read this and saw this before. But assumed this was the the consumer key and consumer secret . I didn't realize it was what I was looking for: the access token and access secret .

So your post to twit would go something like this:

passport.use(new Strategy({
  consumerKey: process.env.CONSUMER_KEY,
  consumerSecret: process.env.CONSUMER_SECRET,
  callbackURL: 'http://localhost:3000/twitter/return'
}, function(token, tokenSecret, profile, callback) {
  const configs = createConfigs(token, tokenSecret);


  // Post to twitter

  var Twit = require('twit')

  var T = new Twit({
    consumer_key:         '...', //get this from developer.twitter.com where your app info is
    consumer_secret:      '...', //get this from developer.twitter.com where your app info is
    access_token:         token,
    access_token_secret:  tokenSecret,
    timeout_ms:           60*1000,  // optional HTTP request timeout to apply to all requests.
    strictSSL:            true,     // optional - requires SSL certificates to be valid.
  })

  //
  //  tweet 'hello world!'
  //
  T.post('statuses/update', { status: 'hello world!' }, function(err, 
  data, response) {
    console.log(data)
  })


  return callback(null, profile);
}));