Drop-in login functionality for your webapp

Mount this Rack endpoint in your web application to enable user logins through Twitter.

How to use

First, register a new Twitter application (if you haven't already). Check the "Yes, use Twitter for login" option. You can put anything as "Callback URL" since the real callback URL is provided dynamically, anyway. Note down your OAuth consumer key and secret.

You have to require 'twitter/login' in your app. If you're using Bundler:

## Gemfile
gem 'twitter-login', '~> 0.4.1', :require => 'twitter/login'

Now mount the Rack endpoint in your application. In Rails 3 this would be:

## application.rb:
config. = Twitter::Login.new \
  :consumer_key => 'CONSUMER_KEY', :secret => 'SECRET'

## routes.rb
twitter = YourApp::Application.config.
twitter_endpoint = twitter.(:return_to => '/')

mount twitter_endpoint => 'login', :as => :login

## application_controller.rb
include Twitter::Login::Helpers

def logged_in?
helper_method :logged_in?

Fill in the :consumer_key, :secret placeholders with real values. You're done.

It is less trivial to mount a Rack endpoint in Rails 2 or Sinatra. This library was once Rack middleware, and if you prefer to use that, install the 0.3.x version and check out the "middleware-0.3" branch.

What it does

The user will first get redirected to Twitter to approve your application. After that he or she is redirected back to your app with an OAuth verifier GET parameter. Then, the authenticating user is identified, this info is saved to session and the user is sent back to the root path of your website.


Available options for Twitter::Login are:

  • :consumer_key -- OAuth consumer key (required)
  • :secret -- OAuth secret (required)
  • :site -- the API endpoint that is used (default: "http://api.twitter.com")
  • :return_to -- where user goes after login (default: "/")


The Twitter::Login::Helpers module (for Sinatra, Rails) adds these methods to your app:

  • twitter_user (Hashie::Mash) -- Info about authenticated user. Check this object to know whether there is a currently logged-in user. Access user data like twitter_user.screen_name
  • twitter_logout -- Erases info about Twitter login from session, effectively logging-out the Twitter user
  • twitter_client (OAuth::AccessToken) -- A consumer token able to query the API, e.g. twitter_client.get('/1/path')