Support for OAuth & Twitter REST API

The other day I worked on my GIF-File-Parser (which is still WIP) and wondered if I could actually receive gif images directly from Twitter. Comes out there is no simple Plug&Play library available. All of the OAuth modules available for Lua depend on C-Modules for Base64 encoding, HMAC-SHA1 computations and other crazy stuff. I decided to have a try on this one myself.

I knew Codea had Base64 support already, so only SHA1 was required which was done before in pure Lua. Unfortunately it seemed like either Codea’s Base64 module or the SHA1 module was causing faulty results and thus the signature required to compute for twitter was always failing on requests.

So I went out again and found replacement. I picked lockbox for encryption, which has all kinds of encryption methods available. This library also incorporates Base64 encoding and Bitwise Operations - basically everything one might need. And it’s all written in pure Lua. So I took time to convert the code to work with Codea. I could rewrite it to minimize dependencies even further, but it was a try and I didn’t want to waste time too much, before I even knew it would work. But with lockbox my OAuth module worked eventually and I’m happy with it so far.

Today I’d like to share my OAuth 1.0 module with all of you. This thing gives you the power to access Twitter’s REST API over simple http requests. You can read, write and directmessage. You can do everything on behalf of any user (user-context) or at application-context only. This means you could create a complete Twitter Client, just like TweetDeck or something.

@twolivesleft we’ll have some twitter integration very soon in #Codea :) - thank you for developing such a brilliant framework!

— herrsch (@supacowa) 14. Juni 2017

Ok, lets walk you through the setup.


  1. Download the lockbox library into your Dropbox account
    (Just drop all files and folders into “Dropbox/lockbox/” namespace)
  2. Copy this two tab sources over to your Codea project
  3. You need a twitter account: Goto and register your app with your twitter account
  4. Adjust permissions of your app
  5. Now you need some tokens: “Consumer Key” and “Consumer Secret”
    (Optional: You can also generate “Access Token” and “Access Token Secret” if you want to tie your app only to this twitter account. Most of the time you want to omit them!)


Now you have your “lockbox” folder inside your Dropbox and you have also copied the sourcecode into your Codea project. We only need to paste the generated Tokens inside the Codea app.

Try to run the app.
(If you didn’t use any “Access Tokens” then you will be prompted to log-in and authorize the application. Copy the PIN-Code and Click “Done” in the browser. Paste the PIN and click the “twitter_connect” button.)
Now you should be able to see the latest tweet from your timeline!

There are three methods you can use:

  • twitter.check(): checks if you are authenticated. It will also try to auto-authenticate you (calling twitter.authenticate()) if you haven’t supplied “Access Token” and “Access Token Secret”
  • twitter.authenticate() tries to obtain “Access Token” and “Access Token Secret” automatically
  • twitter.request(method, url, parameters, callback_success, callback_failure) is the main method for interacting with the REST API. See Twitter docs for more information - or just ask me in PM.

@se24vad Nice work, I’m sure someone will find this useful. I didn’t realise that the import path for require could be repointed with package.path in Codea. :o I’m surprised Apple have allowed it. I wonder whether package.cpath also works… Seems unlikely, have you tried it?

I could imagine it does work too. but I dind’t try altering cpath mostly because i have no *.dylib available to test and I’m very bad at compiling stuff… this topic is a magic black box for me