For awhile I've been looking for a nice Twitter solution for Rails. Sure I could've built something on my own, but I have been mostly looking out of curiosity. The usual suspects were not the greatest, and I couldn't find a lightweight and elegant solution. Then came TwitterAuth, a plugin written by Michael Bleigh. It's made for Rails 2.3, mostly because of the Rails engine use, which is pretty slick and a whole other discussion altogether.
The fun part of TwitterAuth is that it uses oauth but is heavily influenced by the restful_authentication that the rails community has adopted as a very standard / solid way to do user authenticated accounts. What does that mean? that means it uses controller extensions like "logged_in?" and "current_user" so if you already use restful_authentication, this makes total sense.
Install TwitterAuth as a gem, or as a plugin. Remember: you need oauth gem installed as well which is taken care of automatically with the gem install, but will be needed with the plugin instal method.
To quickly get into authenticating your users, goto the gem or plugin directory, and checkout his app directory that comes with it. In there you'll see a user.rb model, a sessions_controller.rb, and some view partials! This is exactly what you'll need, if not the only things you'll need to get your users immediately working with Twitter OAuth. No need to write these yourself, grab these from his examples, and modify as needed. Out of the box they worked perfectly for me.
Don't forget to get your consumer key and secret from Twitter. Remember that if you send direct messages and stuff to twitter, it will come from the user you apply for the twitter key / secret with. Meaning, if you use your FooBar twitter account to signup for the Twitter API key / secret, all direct messages will come from FooBar. I have yet to figure out if we can send them from one specific person who we've authenticated in the past. Should be easy.
To get the key and secret, you'll need to goto: http://twitter.com/apps. This link is so buried, it took me forever to find. That and I hadn't had coffee all day and I was on my 15th hour of working for the day.
Lastly, the OAuth callback is a bit tricky, because if you're working on localhost as a developer, it won't be able to... well, callback, unless you can give it a visible IP. Without getting into tricks and sorcery, I just gave it a fake callback, and copy and pasted the parameters in the GET callback request and appended it to http://localhost:3000/oauth_callback. ; UPDATE: In the API Changeset of April 23rd, 2009, the oauth_callback is deprecated due to security issues, so no more localhost callback. UPDATE: cleaverness of sorcery is actually attributed to joe.
Anyway, hope that was fun, go and authenticate yourself like crazy with Twitter =)
