Establishing a Connection
Using OAuth Authentication
Instead of connecting with the provider's embedded credentials, you can register an app to obtain the OAuthClientId and OAuthClientSecret.
When to Create a Custom OAuth App
You need to create a custom OAuth app in the web flow.
Creating a custom OAuth app is optional as the provider is already registered with Twitter and you can connect with its embedded credentials. You might want to create a custom OAuth app to change the information displayed when users log into the Twitter OAuth endpoint to grant permissions to the provider.
Creating a custom OAuth app is optional to authenticate a headless machine; the provider is already registered with Twitter and you can connect with its embedded credentials. In the headless OAuth flow, users need to authenticate via a browser on another machine. You might want to create a custom OAuth app to change the information displayed when users log into the Twitter OAuth endpoint to grant permissions to the provider.
When to Use a Custom OAuth App
Creating a custom OAuth app is required in the web flow. Creating a custom OAuth app is optional for desktop and headless applications; the provider is already registered with Twitter and you can connect with its embedded credentials.
You might want to create a custom OAuth app to change the information displayed when users log into Twitter to grant permissions to the provider.
Desktop Authentication with a Custom OAuth App
Follow the steps below to authenticate with the credentials for a custom OAuth app.
Get and Refresh the OAuth Access Token
After setting the following connection properties, you are ready to connect:
- OAuthClientId: Set this to the client Id in your app settings.
- OAuthClientSecret: Set this to the secret in your app settings.
- CallbackURL: Set this to the OAuth Redirect URL that you specified to use your own OAuth app.
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
When you connect the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:
- Extracts the access token from the callback URL and authenticates requests.
- Refreshes the access token when it expires.
- Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
Authenticate to Twitter from a Web Application
When connecting via a Web application, or if the provider is not authorized to open a browser window, use stored procedures and set InitiateOAuth to manage the temporary OAuth tokens.
Get an Access Token
To obtain the access token, set the following connection properties:
- OAuthClientId: Set this to the ClientId that you received.
- OAuthClientSecret: Set this to the ClientSecret that you received.
With these properties set, follow the steps below to call stored procedures to obtain the OAuthAccessToken:
- Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint, along with the request token and secret.
Go to that URL and log in to authorize the application. Afterwards, you are redirected back to the callback URL.
When you are redirected, the callback URL contains the code query string parameter.
Set the following parameters and call GetOAuthAccessToken:
|Verifier||Set this to the verifier code.|
Connect to Data
Set the following to authenticate your requests for data:
- OAuthAccessToken: Set this to the OAuthAccessToken returned by the GetOAuthAccessToken stored procedure.
Refresh the Token
You can set InitiateOAuth to REFRESH to automatically refresh the OAuth access token when it expires.
To connect to data and automatically refresh the OAuthAccessToken, set the following on the first data connection:
On subsequent data connections, set the following:
Customizing the SSL Configuration
By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.
Connecting Through a Firewall or Proxy
To connect through the Windows system proxy, you do not need to set any additional connection properties. To connect to other proxies, set ProxyAutoDetect to false.
In addition, to authenticate to an HTTP proxy, set ProxyAuthScheme, ProxyUser, and ProxyPassword, in addition to ProxyServer and ProxyPort.
Set the following properties:
- To use a proxy-based firewall, set FirewallType, FirewallServer, and FirewallPort.
- To tunnel the connection, set FirewallType to TUNNEL.
- To authenticate, specify FirewallUser and FirewallPassword.
- To authenticate to a SOCKS proxy, additionally set FirewallType to SOCKS5.
Troubleshooting the Connection
To show provider activity from query execution to network traffic, use Logfile and Verbosity. The examples of common connection errors below show how to use these properties to get more context. Contact the support team for help tracing the source of an error or circumventing a performance issue.
- Authentication errors: Typically, recording a Logfile at Verbosity 4 is necessary to get full details on an authentication error.
- Queries time out: A server that takes too long to respond will exceed the provider's client-side timeout. Often, setting the Timeout property to a higher value will avoid a connection error. Another option is to disable the timeout by setting the property to 0. Setting Verbosity to 2 will show where the time is being spent.
- The certificate presented by the server cannot be validated: This error indicates that the provider cannot validate the server's certificate through the chain of trust. If you are using a self-signed certificate, there is only one certificate in the chain.
To resolve this error, you must verify yourself that the certificate can be trusted and specify to the provider that you trust the certificate. One way you can specify that you trust a certificate is to add the certificate to the trusted system store; another is to set SSLServerCert.