One of the major reasons I joined Twitter over a year ago was the ability to easily subscribe to Tweets, based on search terms I sent over my cell phone or IM client.  Due to scaling issues and load on Twitter as they grew, Twitter removed that ability shortly after Scoble and I visited them last year.  Twitter called it “Track”.

It was simple functionality.  I send “track keyword” to 40404 on my mobile phone, and immediately any Tweet with that keyword would be sent straight to my mobile phone (or IM client if I had it set correctly in my preferences).  It was very useful.  For instance, if I wanted to know every happening at the time going on at Sundance here in Utah, I would simply “track sundance” and all those Tweets would be delivered to me, as they happened.  I could do the same with my name, my brand, or my favorite technologies.

Twitter may have removed that functionality last year, but just over a week ago, they finally released API methods to make the real-time searching of keywords and search terms available again via their limited streaming APIs available in Alpha right now.  The API method is conveniently called “track”.  On June 12, John Kalucki, developer behind the real-time streaming APIs Twitter is now providing developers described it on the Twitter developers mailing list as such:

“The /track resource allows searching the Firehose stream for a list of keywords. This resource may be a useful adjunct to the Twitter Search API. While the predicates are less powerful than the SearchAPI, results are streamed continuously and with low-latency. For common keywords, a more complete set of results can be delivered than is possible by polling the Search API. Consult the Streaming API documentation for limits and details: http://apiwiki.twitter.com/Streaming-API-Documentation.”

Put in simple terms, developers now have access to take a list of keywords for a specific Twitter user, and have Twitter deliver any Tweet that meets those search terms in real-time back to the developer’s app.  That means Push notifications via iPhone applications on the new iPhone 3.0 firmware are now possible, any company utilizing SMS can easily deliver terms via SMS again, and more.

Because the Streaming APIs are in limited Alpha, only certain developers will be allowed access, but I fully expect to see this integrated in the near future.  I expect to see this especially as the code solidifies and moves out of Alpha, into apps such as TweetDeck, Tweetie, and Seesmic Desktop.  Twitter users everywhere can rejoice, as their most requested and most favorite feature taken from Twitter has just been found.

Twitter Tracker logo courtesy NBC Tonight Show.

Just recently Twitter began the much-needed stance to suspend users practicing the controversial “Twitter Game” (as I call it).  On the Twitter developers mailing list, Twitter developer Doug Williams told me yesterday that users who “use software to constantly churn followers in a repeated pattern of following and unfollowing will … risk suspension.”  This new rule was confirmed to me by several other Twitter users that Twitter customer support is also confirming that this is happening.

The “Twitter Game” was the topic of a podcast I participated in a few months back with Lucretia Pruitt and Jim Turner hosting. The practice centers around following as many people as you can (up to the 1,000 users per day limit that Twitter has imposed), continuing such practice until the ratio of following 10-20% more than those following you is reached.  Then users would unfollow the users that don’t follow them back.  This practice increases the number of followers of any particular user, theoretically providing a much larger reach for the user or brand doing such.  Other similar techniques involve using tools such as Twollo and Hummingbird to find new people to follow that might follow back, and share links under multiple accounts with those individuals.

With Twitter taking a stance against this practice, this means no longer will users be able to quickly inflate their numbers and get around the ratios Twitter has put in place to keep this “gaming” from happening.  From users I have talked to, some over major brands, some are not happy.  The threat of suspension will come welcome to those getting tired of meaningless followers however.  While not a welcome sight to some, it is simply a change in “Game”.  Users will need to adapt and use more effective methods of gaining new followers, such as maybe, providing good content?  Regardless, I expect people to continue to find new ways to game the system.  We’ll see if Twitter can win this “Rat Race”.

I posted this over on the Twitter developer mailing list to try and get a discussion going. I thought I’d post a copy here for my readers to discuss - maybe you have more ideas than I do. I want to make it clear that I do not condone what some users of SocialToo are doing to gain Twitter followers. Will I stop them? I can’t - as long as Twitter allows them to do it, I can’t make a decision one way or another on who is doing this and who is not. No matter what, I have to respect my users, and most (almost all) of them are using Twitter for legitimate reasons. I do think changing the limits to what I suggested in the e-mail (below) will fix the problem Twitter is trying to solve though:

Let’s discuss the follow limits. I feel, as developer of a tool that allows people to auto-follow, I have a bit of insight into this. While there are many, many legitimate users that auto-follow others, and have good reason to do so, some are using it as a way to game the system, build followers quickly, break the Twitter TOS, and reduce the meaning of follower numbers for many other users just using the service legitimately. I see this daily, amongst a few of my own users, and while, due to our privacy policy I can’t share who they are, I do have some suggestions that would make the API follow limits make a little more sense. Maybe you guys can provide more insight.

@Jesse

Feel free to chime in on the developers mailing list, or let’s discuss here - what suggestions do you have? Are there any holes in my proposal?

I’m completely stumped by the recent media blitz by Twitter co-founders, Ev Williams, Biz Stone, and Jack Dorsey.  They seem to be traveling the nation like rock stars, willing to say anything and everything about whatever the media wants to hear, as their service sits broken on the sidelines and the world wonders where their much needed Twitter has gone, or why their favorite app is down.  Hey, it’s not my company though, so I’m sure they have their reasons, and good for them for enjoying and celebrating their success.

But then we see statements like that of Jack Dorsey, a reputable coder like myself, and someone I highly respect, stating, “I think Twitter’s a success for us when people stop talking about it, when we stop doing these panels and people just use it as a utility, use it like electricity…It fades into the background, something that’s just a part of communication. We put it on the same level as any communication device. So, e-mail, SMS, phone. That’s where we want to be.”  Of course he’s saying this while his co-founders are touring the nation, visiting Oprah and Ashton and every major News outlet on the planet trying to get people to talk about Twitter.  The thing is, I don’t care how useful Twitter is or has become (Despite the negatives that I’ve written about Twitter, I’ve written just as many positives), Twitter will never become a “Utility” until they open up a little, and I don’t just mean from a PR perspective (actually, I don’t mean that at all). I mean from an architecture perspective.

My friend (and fellow LouisGray.com co-writer), Rob Diana, thinks that Twitter is on its way to becoming infrastructure.  I’m not arguing that’s not possible.  In fact, I really think Twitter has the masses to make that happen.  However, to make it the caliber of a “Utility”, or like “Electricity”, to me seems far-fetched when in the end, there is always a Twitter brand wrapped around it and no way for the public to have any control of that data.  Until they remove those chains, Twitter is and always will be just another communications Service, not a Utility.  Twitter will never blend into the background until they open up some.

Let’s look at some example utilities:

Electricity

We’ll start with the most obvious.  Electricity is a natural force.  It can only be created by utilizing existing energy.  Various “Utilities” have found ways to harness this energy to create this electricity and deliver it to your home.  However no single company owns that electricity, and each company is using the existing, open, laws of physics to harness and deliver such electricity to your home.  No single company controls how electricity gets created or delivered.  In fact, depending on your own local laws, you could even create your own electricity, and live independent from any single “Utility” company that also provides such service.

Water

Water is very similar.  Each company provides a “service” or “utility” around cleaning the water supplies and routing them to your home.  However, there’s nothing stopping any individual (other than government) from collecting their own water, and purifying it themselves for consumption.  It’s bound only by the laws of Physics, and lives on a completely open model.

Phone

Perhaps even closer to Twitter’s turf than Electricity, the Phone is an open communications process.  A “utility” company delivers the lines to get a signal from the sender’s phone, to a routing operator, and over to the recipient.  However the underlying technology sending a phone’s signal from sender to recipient and back is not proprietary to any one single company.  It’s simple Electricity (there’s that word again) and open protocols, and based on completely open (the most open) standards, bound simply by the laws of Physics.

So how in the world can a company like Twitter become like “Electricity”, flowing as the infrastructure of communication with little to no knowledge of those using the service?  It comes down to the laws of Physics.  Twitter needs to stop making the rules.  They need to open up 100%, open up their code-base, release a protocol, and start letting people run their own Federated Twitter servers that can be run in any environment, speak the same protocol, and in essence, be invisible to those using the service.  Twitter’s current model will never take them there.

Google’s leading the way here with Wave.  The funny thing is Google employees aren’t going around bragging that their service will become like “Electricity” (okay, well maybe their name kind of implies that).  What will happen is that you’ll be familiar with the Wave Product, which will become like Gmail and many, many users will use it since Google was first-to-market.  However, what most users will not be aware of is that the way they communicate elsewhere will also be powered by Google Wave technology.  Google Wave is also a Protocol, and built on an Open-Source Architecture.  You’ll be able to run your own Wave servers, or even write your own services that speak the Wave protocol.  Your users will never even know their communication went through a Google product.

I’m afraid Twitter has some serious competition as long as they want to become a Utility and Google Wave is in open development.  Because they’ve waited to enter the Open arena, Google may just beat them to the punch on the “Utility” game.  Jack Dorsey’s a smart guy.  Twitter’s a great and powerful platform.  However, I’m afraid they’re focusing too much on the platform and the product and not enough on what should really be the “Electricity” of their system - the communication.

Twitter, it’s time to open up guys.  I’m itching to use some of that “Electricity” of yours.

WSJ today reported that China has blocked Twitter.com, preventing its 1.3 billion citizens from potentially accessing the site.  Iain Dodsworth, developer of TweetDeck, was quick to point out however (which I noticed on FriendFeed ironically) that his service is still reportedly accessible in the Mainland.  I’ve said it before, and I’ll say it again - Twitter, you need your own desktop client!

With everyone up in arms over how Twitter will monetize and when it will happen, there has been one obvious missing link from the start.  Twitter has never had control over how Tweets get to the users.  They themselves have admitted the API gets used much more than their own Twitter.com site gets used, showing, to me, that there is a way, currently, Twitter could be monetizing.  Twitter has made it clear they do not intend to advertise through Tweets, which would almost certainly be rejected by their current user-base, already annoyed by the abundance of spam on the site.  What Twitter could do however, that is assuming they have control over the main methods users receive Tweets, aka their desktop clients, is insert ads into such a desktop client and their own website, unobtrusive to users.  Users will probably not even care at such ad placement, considering Google gets away with it, Yahoo and Microsoft do within their own search products.

Other Monetization Strategies

According to a recent TechCrunch article, Iain Dodsworth himself is already looking to monetize via this method.  His method doesn’t even involve advertising, and maybe, in a world where advertising is beginning to prove ineffective, his method has even more potentially lucrative than the one I mention.  His method is, according to TechCrunch, to charge developers looking for integration into TweetDeck for integration into the product.  I think this is a great idea, and something that, with the popularity of TweetDeck, will prove quite profitable for him in the end.

Twitter could be doing this as well and perhaps even more effectively with the strong developer platform they have built.  Add to that ability to integrate directories of applications into such an application enable featured app listings, along with perhaps an advertisement here or there Twitter could very quickly become profitable just by having control of such an application.

Why TweetDeck is a Good Choice

This isn’t meant to begrudge any of the other apps I enjoy and use.  The fact is that TweetDeck is the most popular and most used Desktop app for Twitter right now (even though we can’t prove that at the moment thanks to Twitter API issues).  It has the most users and most adoption - it would be the quickest barrier to entry, and clearly has features their users like, as they seem to continue using the app.

Considering deals are already being made to monetize the application, and considering, based on the recent investment of $500,000 into the company, comparatively speaking to the amount of money Twitter claims to have, TweetDeck shouldn’t be that expensive for Twitter to buy at the moment.  Now’s the time Twitter. I wouldn’t wait much longer, as TweetDeck is about to become a whole lot more valuable.

More Distribution Options

Considering the recent issues in China, were Twitter to own the distribution channel, let’s imagine it’s TweetDeck, they would still have control of what goes out to China, and how to monetize off of those users.  Currently, TweetDeck, and any client for that matter, have no devotion to Twitter - it’s just the first service they’re servicing in a long line of other services they’re also adding to their clients.  Twitter should own this opportunity, and where they are claiming to be the next “AP”, if they’ve learned anything from the News organizations (I’ve worked in this industry), they need to control the distribution and not just the content.

I think Twitter is giving up an important opportunity by not having control of the desktop.  I could probably say the same for the mobile phone (especially the iPhone).  Perhaps their fear is that it would introduce unfair competition for the other desktop clients out there, but I don’t see any reason the other clients can’t compete as well, if not more than Twitter would provide anyway.  This simply provides an important distribution platform where they would be provided many more monetization opportunities.  I think it’s win-win.

Now, to get the guys at Twitter to start reading my blog…

The buzz has been swirling around the Twitter developer-sphere about a bug that has been going on for almost a full day now.  Louis Gray reported it first at around 12am MST last night, and the first post to the Twitter development mailing list went up at around 2am MST last night.  But Twitter is no where to be found, and it’s really starting to hurt some developers.  So much that the very popular TweetStats, by Damon Cortesi has completely had to shut down until the service is re-enabled.

The bug is surrounding the display of the source app via both the API and in the Web UI showing which application a Tweet has come from on Twitter.  Currently, according to TweetStats, 100% of the messages on Twitter are displaying they are coming from the Web.  Developers and bloggers are complaining but no one is being heard.

In fact, according to Twitter, both Evan Williams (founder of Twitter), and Alex Payne (Twitter’s API Lead) are both in Maui on unrelated trips (Alex’s is for vacation - it’s unclear why Ev is there), posting pictures of the frozen drinks they are having and talking about the massages they are getting.  Alex even stated he doesn’t have his laptop with him.  Of course I don’t expect him to be reading this, and I congratulate him for being able to have some very deserved time-off–but what do we do when the API goes down?

Twitter developers have asked repeatedly for a paid API service which they can be guaranteed more up-time and more API access, along with a higher tier of support.  Even Iain Dodsworth, the developer behind TweetDeck has mentioned in conversations on FriendFeed that, with unlimited API access, they would be able to deliver some of their “dream functionality”, and would “pay a lot” for such.  As the developer behind SocialToo, I firmly agree with his statement - it would be a cost-savings for me.  Regardless, there is still no good way to get Twitter support when their API goes down.  Developers need some sort of Emergency Response System, and I think Twitter should charge for this level of service.

In times where developers’ apps go down many livelihoods are at stake.  Money is not being made, and with a very poor support system by Twitter as is, and no way to guarantee support during such circumstances, developers are putting a lot on the line writing for such a service.  Currently, the only means is via the Developer mailing list, and as we can see there is yet to be a response from Twitter via that means, and at least one entire application has been put out of business because of the issue.

Will there be a time we can see a prioritized service from Twitter that developers can pay for and guarantee service?  I think with today’s example this option has just become a lot more important.  The free service simply isn’t cutting it any more.

What do you think Twitter should do?

I’ve mentioned multiple times I’m a fan of multiple Twitter clients. I’m a big fan of TweetDeck due to its Twitter and Facebook support, the TwitScoop support, and groups and saved searches support. It’s also pretty stable and doesn’t kill my computer when I use it. I’m a big fan of Seesmic Desktop because it has group support and multiple Twitter account support (along with Facebook support). I love Tweetie because of its simplicity, lack of memory usage, native support for the Mac, and the iPhone version I like for the same reason.  I also love CoTweet for its easy management of Twitter from a business perspective.  However, I think you’ll be surprised to learn that I rarely use any of them any more. My new preferred Twitter (and even FriendFeed) client: Gmail.

Let’s face it, whether I follow all those that follow me and segment out my favorites into groups (in a client like TweetDeck or Seesmic), or if I only follow a select few, my responsibility is still the same. I need to know what is said about me, my brand(s), and any other interesting things people are saying that I need to know about. Frankly, I can’t do this effectively while only tracking the small numbers of people I follow using one of the traditional Twitter clients. There would still be people talking about me, or the topics I’m interested in elsewhere, whether I follow them or not. The whole follow/friend game is incredibly ineffective for this reason, regardless of the method you use - it’s one of the reasons I just auto-follow. At least you can DM me if I let those that follow me do so by following them back. I decided I needed a better solution.

As it turns out, Twitter search (when it works) is fairly effective at catching what I want to hear on Twitter. I can search for @mentions of my name, my old Twitter account, misspellings of my name, my company, topics I’m interested in hearing about, and more. It returns the data I want. The problem with that is that I have to keep checking back for it, and there’s no really good way to save searches. I could do it in TweetDeck or Seesmic Desktop, but even with those I need to continue checking to be effective. I think that’s a waste of time. Why not make the Tweets come to me?

Yes, there’s an App for that. Michael Jensen (@mdjensen on Twitter), a Twitter, FriendFeed, and iPhone developer (and Perl developer!) is the author of a site called TweetBeep. Louis Gray turned me onto it, as this is also one of the ways he tracks mentions of his name. All that needs to be done is to sign up for an account on TweetBeep, provide your Twitter credentials, and specify search criteria you want it to search for on your behalf.  You can create as many alerts as you like, and it’s 100% free! Specify the frequency of the alert (hourly or daily), and now all mentions of the terms you want it to track, including mentions of your Twitter username, brand(s), name, and more will all be delivered to your e-mail inbox. It will also track domains, and automatically un-shorten various URL-shortening services so you can also track mentions of your domain name.

So now, with TweetBeep I am no longer regularly checking my Twitter client of choice to see if anyone else has said something I might be interested in. I have those delivered to me, in batch, via e-mail, and I have saved myself a ton of time doing so! Because of my use of Gmail and TweetBeep to manage Twitter for me I am very rarely needing to check Twitter any more. Now, if I could just break the habit of checking it anyway!  I guess you could say I now truly follow, and listen, to millions of people - I just now have a way to sift through the noise.

Tomorrow I’ll be sharing how Gmail is also my FriendFeed Client - you’ll like this one so stay tuned…

For the non-developers in my readership, I’m going to get a little geeky on you here. So you can either tune this one out, or pass it onto your IT staff for use in their applications. I promise much more on the “Social” side here shortly. Or, maybe you’ll learn a little Perl.

For those not in the loop, my company, SocialToo.com codes in Perl, a powerful language that gives me the ability to abstract what I need at a very high level, or get down to the nitty-gritty if needed to in order to improve speed or communicate with other core Unix libraries and tools. To me, it’s a very powerful and important language that enables me to get done what I need to do without having to hire developers that know multiple languages. It’s also an amazing scripting language, and powers many of the scripts we run on the backend of SocialToo.

One of Perl’s weaknesses however is that it has never been very strong in the marketing department. For this reason, it is some times (and some times not) one of the last on the priority list for companies like Twitter when developing libraries to integrate with their API. Fortunately it has a very strong group of developers contributing to its very unique directory of open source libraries, CPAN.

Recently we launched a beta OAuth implementation on our Forgot Password page on SocialToo, which uses Twitter OAuth to identify a user and allow them to change their password based on their Twitter authentication. Fortunately with Twitter, we were able to use Net::OAuth, Perl’s OAuth libraries on CPAN, to connect with Twitter’s OAuth implementation. There were some tricks, so I’d like to share that here. It’s my hope that maybe at some point I can package this up at a much higher level to make the process even easier for Perl developers to use Twitter’s OAuth to authenticate.

Perl and OAuth - the basics

First of all, you need to understand the basic flow of the Twitter OAuth process. There are official OAuth terms for this (consumer, service provider, etc.) supposedly to make understanding the process easier, but for our purposes those terms really don’t matter. If you really want to learn more about that stuff, go over to OAuth.net and take the tutorials. What matters is that you get the Access Token you need, which you can use any time later to make requests to Twitter, such as authenticating the user, getting the user’s timeline, their profile info, friends, followers, and more. The entire goal of Twitter OAuth from a development standpoint is to get that Access Token. So here are some basic terms you need to know:

Token - a string of hashed data given to you as a unique ID to identify your application, and the user trying to use your application by Twitter. See below for the types of tokens you’ll need to get from Twitter and when.

Request Token - The token you get from Twitter before redirecting the user to authenticate with Twitter. If the user’s authentication is successful, Twitter creates an access token which identifies the user and associates them with your application. You can then access that access token later by sending another request after the user has authenticated with the request token and the request token secret key (defined below).

Request Token Secret - A string of hashed text, which only you (the developer) will ever see or use. You retrieve this when you get your Request Token, and will need to pass it with your request token when you request to get an access token. Consider this your password when trying to get an access token. Your Request Token is your ID for Twitter to identify your request with to verify the user authenticated successfully and your application has permission to access Twitter.

Access Token - Once you have your Request Token, your Request Token secret, and the user has authenticated successfully, and assuming your application has been given permission by Twitter to access the Twitter API, you can then make a request to Twitter to get your Access Token. You send Twitter your Request Token and your Request Token Secret, and the response returns your Access Token and an Access Token Secret Key for access to the Twitter API. This is a permanent key at the moment that you can use any time later. Store this in your database or a file or elsewhere once the user has authenticated and you’ll be able to authenticate on their behalf from that point on (assuming you have set your app up to do such on Twitter.com). After you have your Access Token, you can make requests to Twitter, via Net::OAuth, which perform any of the methods found via the API by sending Twitter your Access Token and Access Token Secret with the request. Use JSON::Any to parse the resulting JSON returned.

Access Token Secret - The secret key to pass with an Access Token when making API calls to Twitter. Consider this the password that goes along with the ID, which is the Access Token. Twitter looks up the Access Token ID, verifies the user is authenticated, and then checks that you also have a valid Access Token Secret Key. If both are correct and valid Twitter will send back the data you need to access the Twitter API.

Twitter Consumer Key - The unique ID of your application as identified by Twitter - you can get this in your OAuth set up on Twitter. You use this when asking for your Request Token.

Twitter Consumer Key Secret - The “password” to go with your Twitter Consumer Key when asking for your Request Token from Twitter. Twitter looks up your application by it’s ID (Consumer Key), and verifies it’s you by checking your Consumer Key Secret.

Flow of a Simple Twitter OAuth App in Perl

To understand what we’re doing, you’ll need to understand the order of things you’ll need to do in order to fully access the Twitter API through OAuth. This Flow, in plain english, should outline that process, and from here you should be able to adapt the code I provide for any use:

1. Send a GET request to http://twitter.com/oauth/request_token asking for a request token from Twitter, and passing your appropriate Consumer Key and Consumer Key Secret to identify your application.
2. If Twitter identifies the Application as legit (and isn’t down), parse out the request token and request token secret from the content of the returned page by Twitter. Here you’ll want to store that request token and request token secret somewhere, as you’ll need to access it again after the user returns back to your site from Twitter.
3. Redirect to http://twitter.com/oauth/authorize, appending “?oauth_token=YOUR_REQUEST_TOKEN_GOES_HERE” to the URL, replacing YOUR_REQUEST_TOKEN_GOES_HERE with the request token you just got from Twitter. There is no need to send the Request Token secret at this point - this is simply to identify that you have received a request token from Twitter, and so Twitter can identify the user’s authentication (successful or not) with that Request Token.
4. The user authenticates on Twitter (if not already authenticated through Twitter - if they want to authenticate through a different user they can do so here as well by logging out and re-authenticating).
5. The user is given the option to “Allow” or “Deny” the request by the Application to access their account information on Twitter.
6. Twitter then redirects back to the Callback URL you set up in your OAuth set up on Twitter.com - you’ll want to note this so you can write code at the location Twitter redirects to that gets the response token.
7. Your Callback URL takes the Request Token from earlier, and Request Token Secret from earlier, and sends them to http://twitter.com/oauth/access_token to try and get an Access token. Twitter verifies that the user has authenticated successfully, that they have allowed your application to access their account, and that your Application is valid. If so, you’re returned a successful response from Twitter.
8. You’ll want to parse out the Access Token, and Access Token Secret from the returned page, and store them somewhere with that user so you can access Twitter on their behalf later. Or, do something right then and there! You have all you need now to use the Twitter API for that user under OAuth.
9. At this time is when I would authenticate the user if needed, making an OAuth request to access http://twitter.com/account/verify_credentials.json. To do so just send the request via Net::OAuth, along with that user’s Access Key and Access Key Secret (which hopefully you can retrieve from somewhere since you stored it somewhere earlier), and Twitter returns the data back as JSON-formatted data (or XML if you specified verify_credentials.xml) you can then parse out as necessary. You can do the same with any method in the Twitter API.

Example Code

Alright, now onto the juicy details. Assuming you’ve already set up an OAuth Twitter App under your settings tab on Twitter.com, and have your Consumer Key and Secret, you should be set to go. You’ll need to install Perl’s Net::OAuth (and any dependencies) via:

perl -MCPAN -e "install Net::OAuth"

Now, let’s get the Request Token. To do so, I’ve created a simple OAuth Accessor method to do all my OAuth handling. I use Catalyst as my MVC Framework, so all the $c and $self references refer back to the Catalyst environment. I’ll leave that up to you to figure out, or you could always try out Catalyst! So first, let’s set up this method:



=head2 oauth_request

Sends a generic request to the specified url

=cut

sub oauth_request : Private {

 my $self = shift;
 my $c = shift;
 my $i = {
  ’type’ => ”,
  ’url’ => ”,
  ’extra_params’ => {},
  ’token’ => ”,
  ’token_secret’ => ”,
  ’method’ => ‘GET’,
  @_,
 };

 my $request = Net::OAuth->request($i->{’type’})->new(
  consumer_key => $c->config->{’twitter_consumer_key’},
  consumer_secret => $c->config->{’twitter_consumer_secret’},
  token => $i->{’token’},
  token_secret => $i->{’token_secret’},
  request_url => $i->{’url’},
  request_method => $i->{’method’},
  signature_method => ‘HMAC-SHA1′,
  timestamp => time,
  nonce => join(”, rand_chars(size=>16, set=>’alphanumeric’)),
  extra_params => $i->{’extra_params’},
 );

 $request->sign;
 $c->log->debug(”URL: “.$request->to_url);

 $c->log->debug(”Request: “.Dumper($request));

 my $ua = LWP::UserAgent->new;
 my $response = ”;
 if ($i->{’method’} eq ‘GET’) {
  $response = $ua->get($request->to_url);
 }
 else {
  $response = $ua->post($request->to_url);
 }
 $c->log->debug(”Response: “.Dumper($response));

 return $response;

}

Basically, all this does is create a new Net::OAuth request object, signs it, and then sends it via a GET or POST request (via LWP) back to the specified URL. This method will handle all our OAuth requests. You’ll need to modify it to match your environment and configuration variables (like the consumer key and secret).

The token and token_secret variables can be either a request token, or access token (and secret), or neither. You won’t need to pass either when you’re trying to get your request token obviously. “type” will define what type of request it is you’re making - it can be either “request token” (to ask for a request token), “access token” (to ask for an access token), or “protected resource” (when accessing private data for a user from the Twitter API on their behalf). The “url” variable specifies the Twitter URL to request, based on the type of the request. You can get these from your OAuth settings page for your app on Twitter.com. Dont’ worry about the rest - that’s all used to generate the signature sent to Twitter with all the data you just gave it.

Now that we have that, we can make our requests to Twitter.  We’ll need to start with getting our Request Token.  We’re of course assuming this is the user’s first time authenticating through your App.  Here’s how we’ll do that using the above method:

$c->log->debug(”getting request token…”);

my $res = $self->oauth_request($c,
 ’url’       => $c->config->{’twitter_request_url’},
 ’type’      => “request token”,
);

$c->user_session->{’oauth_redirect_url’} = uri_escape($c->req->param(”redirect_url”));

if ($res->is_success) {
 my $response = Net::OAuth->response(’request token’)->from_post_body($res->content);
 if (defined $response->token) {
  $c->user_session->{’request_token’} = $response->token;
  $c->user_session->{’request_token_secret’} = $response->token_secret;
  my $auth_url = $c->config->{’twitter_authorize_token_url’}.”?oauth_token=” . $response->token;
  $c->res->redirect($auth_url);
  $c->detach;
  return;
 }
}
else {
 $c->log->fatal(”Something went wrong.”);
 # expire request tokens each time they are used
 $c->user_session->{’request_token’} = ”;
 $c->user_session->{’request_token_secret’} = ”;
}

In this example, we ask for a simple request token from Twitter to the request token URL we were given by Twitter in our OAuth settings. In this particular example (it may not be needed by yours), we allow the user to pass a redirect URL to our application via a “redirect_url” parameter in the URL. We store that in the session for later use so we can pass the user onto somewhere else if needed. You could store this in a cookie, a session, a file, or database - it’s up to you, and won’t be necessary if you never need to redirect the user later.

Assuming your app has been authorized to connect to Twitter with the Consumer Key specified, you should get a successful (200 OK) response back from Twitter. You’ll then need to parse out the Request Token and Request Token Secret keys from the response. You can do so by passing the returned content through Net::OAuth->response(’request token’)->from_post_body() as specified.

Once you’ve got that token and a secret key for it, you’ll want to store it somewhere for later use. Twitter doesn’t give it back to your app later, so you’ll need to put it somewhere. In this example we store it in the Catalyst Session for the particular user’s session. You could store them in a cookie, session, file, or database, but you’ll need to put them somewhere. You’ll need this later.

Finally, we need to redirect the user to authenticate and authorize your App on Twitter. You send them to the authorize URL Twitter gives you in your App settings page when you set up OAuth, and append, “?oauth_token=”, followed by the Request Token you just received. Also note the error checking we do - don’t forget to cover your bases!

The user will get sent to Twitter, authenticate, and authorize your App. Finally Twitter will redirect the user back to your callback URL that you specified in your App’s settings when you set up OAuth on Twitter.com. In that URL’s logic, you’ll need to do something like the following:


$c->log->debug("request_token: ".$c->user_session->{'request_token'});
$c->log->debug("request_token_secret: ".$c->user_session->{'request_token_secret'});

my $res = $self->oauth_request($c,
 'url' => $c->config->{'twitter_access_token_url'},
 'type' => "access token",
 'token' => $c->user_session->{'request_token'},
 'token_secret' => $c->user_session->{'request_token_secret'},
);

if ($res->is_success) {
 my $response = Net::OAuth->response('access token')->from_post_body($res->content);
 $c->user_session->{'access_token'} = $response->token;
 $c->user_session->{'access_token_secret'} = $response->token_secret;

 $c->log->debug("redirect_url: ".$c->user_session->{'oauth_redirect_url'});
 $c->res->redirect(uri_unescape($c->user_session->{'oauth_redirect_url'}));
}
else {
 $c->log->fatal("Could not get an Access Token: " . $res->as_string);
}

# expire request tokens each time they are used
$c->user_session->{'request_token'} = '';
$c->user_session->{'request_token_secret'} = '';


At our callback URL, our main goal now is to get that Access Token. We’re assuming the user has authenticated and approved the app. We know the request token and request token secret, but do not yet have an Access Token for the user. Let’s hope you stored the Request Token and Request Token Secret for that user somewhere. You’ll need it here.

To get the Access Token, you’ll need to send an access token request to Twitter, to the URL specified in your settings where you set up OAuth for your App on Twitter.com. In addition, you’ll want to pass into it the Request Token, and Request Token Secret we stored earlier. In this case we stored it in the session, but you’ll need to retrieve it from wherever you stored it earlier.

If your request is successful, you’ll then need to parse the Access Token and Access Token secret from Twitter by passing the returned content to the Net::OAuth->response(’access token’)->from_post_body() method. You can then get your Access Token and Access Token Secret from the returned response, as shown in the example. You’ll then want to store those somewhere, often some place permanent to be accessed later on behalf of the user. In our specific case, since this is just a forgot password form, we only need to store it in the session for access later, which we do in the example.

Now, remember that redirect_url parameter we passed and stored in the session? Now we can retrieve that, and redirect the user wherever you intended them to go after starting the authentication process. In this case, we’ll probably pass them onto the Forgot password page for authentication verification and identification of the user. The code on the forgot password page will look something like this:


=head2 verify_credentials

Verifies the user's Twitter credentials and returns a user hashref if successful

=cut

sub verify_credentials : Private {

 my ($self, $c) = @_;

 if (!$c->user_session->{'access_token'}) {
  return q{Access token must be retrieved from Twitter before we can run verify_credentials.};
 }

 my $response = $self->oauth_request($c,
  'url' => 'http://twitter.com/account/verify_credentials.json',
  'token' => $c->user_session->{'access_token'},
  'token_secret' => $c->user_session->{'access_token_secret'},
  'type' => "protected resource",
 );

 my $retval = '';
 if ($response->is_success) {
  $retval = eval { JSON::Any->jsonToObj( $response->content ) };
  if ( !defined $retval ) {
   return q{Twitter returned success but parsing of the response failed: }.$response->content;
  }
 }
 else {
  return $response->code;
 }

 return $retval;

}


In this example we simply send a protected resource request to Twitter’s verify_credentials call. We parse out the returned JSON response, and voila, we have an authenticated user and all their information! This particular method will return the full user’s data if they are authenticated. We can then use that on the forgot password form to identify who the user is, if they’re a SocialToo user, and it will work regardless if we even have their Twitter username correct, because it relies on the Twitter user id.

So, the final full code you’ll want to use will look something like this (again, I’m using the Catalyst framework):


=head2 authenticate_twitter

Redirects to Twitter to get OAuth Token

=cut

sub authenticate_twitter : Local {

 my ($self, $c) = @_;

#This ensures we only run the following code the first time they authenticate - pass it ?init=1 in the "sign in to Twitter" link
 unless ($c->user_session->{'request_token'} && $c->user_session->{'request_token_secret'} && !$c->req->param('init')) {
  $c->log->debug("getting request token...");

  my $res = $self->oauth_request($c,
   'url' => $c->config->{'twitter_request_url'},
   'type' => "request token",
  );

  $c->user_session->{'oauth_redirect_url'} = uri_escape($c->req->param("redirect_url"));

  if ($res->is_success) {
   my $response = Net::OAuth->response('request token')->from_post_body($res->content);
   if (defined $response->token) {
    $c->user_session->{'request_token'} = $response->token;
    $c->user_session->{'request_token_secret'} = $response->token_secret;
    my $auth_url = $c->config->{'twitter_authorize_token_url'}."?oauth_token=" . $response->token;
    $c->res->redirect($auth_url);
    $c->detach;
    return;
   }
  }
  else {
   $c->log->fatal("Something went wrong.");
   # expire request tokens each time they are used
   $c->user_session->{'request_token'} = '';
   $c->user_session->{'request_token_secret'} = '';
  }
 }
 else {
  $c->log->debug("request_token: ".$c->user_session->{'request_token'});
  $c->log->debug("request_token_secret: ".$c->user_session->{'request_token_secret'});

  my $res = $self->oauth_request($c,
   'url' => $c->config->{'twitter_access_token_url'},
   'type' => "access token",
   'token' => $c->user_session->{'request_token'},
   'token_secret' => $c->user_session->{'request_token_secret'},
  );

  if ($res->is_success) {
   my $response = Net::OAuth->response('access token')->from_post_body($res->content);
   $c->user_session->{'access_token'} = $response->token;
   $c->user_session->{'access_token_secret'} = $response->token_secret;

   $c->log->debug("redirect_url: ".$c->user_session->{'oauth_redirect_url'});
   $c->res->redirect(uri_unescape($c->user_session->{'oauth_redirect_url'}));
  }
  else {
   $c->log->fatal("Could not get an Access Token: " . $res->as_string);
  }

  # expire request tokens each time they are used
  $c->user_session->{'request_token'} = '';
  $c->user_session->{'request_token_secret'} = '';
 }

}

=head2 oauth_request

Sends a generic request to the specified url

=cut

sub oauth_request : Private {

 my $self = shift;
 my $c = shift;
 my $i = {
  'type' => '',
  'url' => '',
  'extra_params' => {},
  'token' => '',
  'token_secret' => '',
  'method' => 'GET',
  @_,
 };

 my $request = Net::OAuth->request($i->{'type'})->new(
  consumer_key => $c->config->{'twitter_consumer_key'},
  consumer_secret => $c->config->{'twitter_consumer_secret'},
  token => $i->{'token'},
  token_secret => $i->{'token_secret'},
  request_url => $i->{'url'},
  request_method => $i->{'method'},
  signature_method => 'HMAC-SHA1',
  timestamp => time,
  nonce => join('', rand_chars(size=>16, set=>'alphanumeric')),
  extra_params => $i->{'extra_params'},
 );

 $request->sign;
 $c->log->debug("URL: ".$request->to_url);

 $c->log->debug("Request: ".Dumper($request));

 my $ua = LWP::UserAgent->new;
 my $response = '';
 if ($i->{'method'} eq 'GET') {
  $response = $ua->get($request->to_url);
 }
 else {
  $response = $ua->post($request->to_url);
 }
 $c->log->debug("Response: ".Dumper($response));

 return $response;

}

=head2 verify_credentials

Verifies the user's Twitter credentials and returns a user hashref if successful

=cut

sub verify_credentials : Private {

 my ($self, $c) = @_;

 if (!$c->user_session->{'access_token'}) {
  return q{Access token must be retrieved from Twitter before we can run verify_credentials.};
 }

 my $response = $self->oauth_request($c,
  'url' => 'http://twitter.com/account/verify_credentials.json',
  'token' => $c->user_session->{'access_token'},
  'token_secret' => $c->user_session->{'access_token_secret'},
  'type' => "protected resource",
 );

 my $retval = '';
 if ($response->is_success) {
  $retval = eval { JSON::Any->jsonToObj( $response->content ) };
  if ( !defined $retval ) {
   return q{Twitter returned success but parsing of the response failed: }.$response->content;
  }
 }
 else {
  return $response->code;
 }

 return $retval;

}


To run it, you’ll (assuming this is Catalyst) point your “Sign in With Twitter” link to /authenticate_twitter?init=1&redirect_url=http://yourdomain.com/forgot on your domain. Note that “init=1″ identifies the user is not yet authenticated. That gets the request token, and redirects the user to Twitter to authenticate. Twitter then sends the user back to /authenticate_twitter on your domain. You detect that the request_token session variable has been set along with the secret key, so then run the code to get an access token. You get the access token from Twitter, store that in the session, and then redirect the user to http://yourdomain.com/forgot (identified by the redirect_url parameter in your original sign in link). http://yourdomain.com/forgot accesses the verify_credentials() method above, which takes the user session variable with the access token, verifies the user’s Twitter credentials, and returns user data for the individual. You can then display user data appropriately, and in this case allow the user to reset their password because you have officially confirmed it is them.

If you want to learn more, the documentation is pretty scarce at the moment. Hopefully myself or someone else will put together a much more abstract set of libraries targeting the Twitter platform soon surrounding this. I do recommend checking out OAuth.net and understanding the OAuth protocol a little more, along with the Net::OAuth documentation. Hopefully many more of you can share your experiences in the comments, or in your own blogs as you come across new experiences with Twitter’s OAuth in a Perl environment.

UPDATE: Looks like someone already has added an abstraction layer around all this. To simplify things even further, check out Net::Twitter::OAuth. It might be helpful to read this first anyway so you know what’s going on there.

I mentioned on Tuesday in response to Twitter’s new changes that it could be impossible for anyone to see your suggestions on #followfriday if you started your Tweets with an “@”. Based on your responses, my assumption was part right, and part wrong. #followfriday is not going away (as long as Twitter users don’t want it to). You’re just going to have to do it a little differently, and perhaps that’s a good thing.

My point of Tuesday’s post about the changes was to point out Twitter’s attitude and seeming desire to make us use Twitter the way they (the founders and employees of Twitter) use it, rather than the way we like, and how that could affect the very democratically created tradition of #followfriday from week to week. I was amazed at your response! I believe this blog had a new record, currently standing at 101 comments on a single post, all of you sharing your opinions, sharing advice on how it could work, and what you thought of Twitter’s new decision. Twitter has since clarified the Kerfuffle (say that 5 times fast, and why won’t Safari count that as a real word?) in finally a manner that they should have done in the first place. While I would still like some more promise on how they’re going to warn developers of such changes in the future (since we were affected by this as well), I think they’re at least starting to approach this in the right manner.

So, let’s talk #followfriday. It can still work. It just needs to be done differently to work. Lately, while I appreciate all your suggestions and recommendations, I’m noticing a trend which I think these new changes by Twitter actually put an end to. That’s the trend of listing just a whole bunch of Twitter screen names, followed by the hashtag, “#followfriday”, and nothing else. You’ve just recommended me to all your friends, along with about 10 others, and no reason why they should follow you. Do you think anyone pays attention to that? And if they do, will they remember the people you have just recommended? It turns out that with the new Twitter changes those can’t work anyway, because they begin with an “@” sign.

Let’s start a new tradition. I suggest selecting no more than 2 individuals every Friday. They should technically be individuals on more than one service - that can be Twitter and FriendFeed, or Twitter and Facebook, or maybe even Twitter and LinkedIn or whatever other 2 services you want to think of. You should come up with a 140 character version of your tweet, 140 characters for each individual explaining why your followers should follow each of those individuals in as much detail as possible and then post it to a microblogging service (like Twitter) somewhere. Then, on a service that allows more than 140 characters, maybe even your blog, share much more about that individual. Explain what they do, how they got there, what makes them interesting, and better yet, include a picture!

I noticed this last week as my friend, Mari Smith, shared her #followfriday entry on Facebook. She included the name of the individual, a very detailed description of why she was suggesting we become friends with the individual, and she even included a picture! Mari then continued to endorse this individual in the comments.

I think this is a trend we should all continue. Again, your Tweets can’t start with “@” - sure some can in certain instances, but let’s just not confuse ourselves here. Either start your Tweet with #followfriday and a description with the screen name of the individual, or just start your description and include their screen name some where that makes sense. What’s important is that there is detail about the individual. It’s time we start some real dialog here. Let’s build real relationships and do it in style. Make your #followfridays count by doing fewer, but with more substance. Perhaps you could even start in the comments of this post!

Yes, I believe Twitter has just become even less useful. In a very vague statement today that I guess Twitter doesn’t expect us to understand, Twitter removed, without warning or feedback from users it would seem, any and all Tweets in your stream that include @replies to people you are not following. Previously this was an option you could turn on or off, but Biz Stone, founder of Twitter, says in this “small settings update” that “receiving one-sided fragments via replies sent to folks you don’t follow in your timeline is undesirable. Today’s update removes this undesirable and confusing option.”

It would appear that Twitter again seems to think Twitter should be used in one way.

What it would appear just happened is in a single blog post, Twitter has killed the weekly phenomena, #followfriday. The tradition was to refer people your followers may not know, but you recommend following. With the removal of this feature, if I’m understanding correctly (please correct me if I’m wrong), you will no longer see #followfriday posts with names of users you don’t follow, rendering #followfriday completely useless.

Confused? Based on the last sentence of their post, it seems that Twitter doesn’t care.

UPDATE: Twitter has removed the last sentence that said “Confused? That’s understandable and exactly why we made the update.” and instead replaced it with the following clarification:

The Importance of Discovery

Spotting new folks in tweets is an interesting way to check out new profiles and find new people to follow. Despite this update, you’ll still see mentions or references linking to people you don’t follow. For example, you’ll continue to see, “Ev meeting with @biz about work stuff” even if you don’t follow @biz. We’ll be introducing better ways to discover and follow interesting accounts as we release more features in this space.

UPDATE 2: It would appear you still can’t see the above Tweet if it starts with @biz and you don’t follow @biz, removing many valuable discoverable Tweets from your stream.