Adding support for automated tweets with OAuth

This post is more than 2 years old.

So, a few weeks ago Twitter replaced Basic Auth for OAuth in their APIs. I was aware of this of course, but it never occurred to me to worry about it as I don't actually work on a Twitter client myself. However, I forgot that one of my sites,, makes use of the Twitter API to tweet new blog entries it aggregates. When I tweeted about this today I got a lot of recommendations, but for the most part, the advice, and the docs, focused on applications for humans. By that I mean, the assumption was that your Twitter automation was a tool that random users were using. The docs would explain how you could easily direct them to Twitter to authorize your application and how they would be sent back. That's great, but what about the case for Twitter bots? Nothing out there seemed to address that need. Luckily though I got some great help. In this blog post I'll explain exactly how I updated CFBloggers to post to Twitter. While this is a ColdFusion specific post it really could apply to anyone doing Twitter bots. Credit for this goes to Todd Rafferty, Vic Carter, and Rob O'Brien (and specifically his blog post here: Integrating Twitter and OAuth with ColdFusion)

Ok, so before I get into the exact steps, let me summarize what we are going to do here. We are going to switch to a Java based Twitter library that makes use of OAuth-wrapped calls to Twitter. That handles the sending of tweets. To handle "allow my web site to do this" we are going to use a temporary script. The temporary script is a one time process that we will use to get our tokens that are then fed to the Twitter client. Once we have that we should be gold.

Edited September 16: Reader Angela Haralson pointed out (see comments below) a great time saver. The creation of the temporary script to get AccessToken and Secret is not necessary. You can get those values from the Twitter web site. This makes things even easier! Please keep that in mind when reading below. Basically you can focus more on the Java library and your setup at

  1. The first step is to get the Java library. At this time there are no ColdFusion Twitter clients that make use of OAuth, but if anyone knows of one, or creates one after this entry is released, please post it below. The Java library is called Twitter4J and may be found here:

  1. You can put the Twitter4J jar in your ColdFusion class path, or do it the sexy way and make use of JavaLoader. I made use of JavaLoader. This is what I added to my Application.cfc:

<cfset var paths = [expandPath("./components/twitter4j-core-2.1.4-SNAPSHOT.jar")]> <cfset application.javaloader = createObject("component", "components.javaloader.JavaLoader").init(paths)>

<cfset application.Twitter = application.javaloader.create("twitter4j.Twitter")>

  1. This is the beginning of the one time process! We need to create an application on the Twitter web site. This is the application that represents our web site robot. Go to and login. You can login as your primary Twitter account or the robot's account. In the top nav click "Your Apps" and select Register a New app.

  1. The application name, description, and web site are not important. However, the application name is what folks will see when you robot tweets. I picked "CFBloggersRobot" for mine. For the application web site I just used For the organization I said Me. It's a great organization but the benefits suck. Now for two critical parts. Application Type must be Browser. The call back URL is going to be a temporary script we will make in the next step. Notice that the call back URL can be a local url, by that I mean I used, which is only recognized by my local machine. I used this url: The mode=1 is also critical and will make sense one you see the script. Finally, ensure you set access type to Read and Write. Otherwise you will not be able to send tweets.

  1. After you save the application you will go to a settings page. Notice that there are two values here you will need, the consumer key and the consumer secret. This will be used in step 6.

  1. Ok, now we are going to create the temporary script:

<cfset Twitter = application.javaloader.create("twitter4j.Twitter")> <cfset Twitter.setOAuthConsumer('cosumer key','consumer secret')>

<cfif structKeyExists(url,'mode') IS FALSE>

&lt;!--- // 2. Authorize ---&gt;
&lt;cfset RequestToken = Twitter.getOAuthRequestToken()&gt;
&lt;cfset Session.oAuthRequestToken = RequestToken.getToken()&gt;
&lt;cfset Session.oAuthRequestTokenSecret = RequestToken.getTokenSecret()&gt;
&lt;cflocation url="#RequestToken.getAuthorizationURL()#" addtoken="No"&gt;


&lt;!--- // 3. Authenticate // ---&gt;
&lt;cfset AccessToken = Twitter.getOAuthAccessToken(Session.oAuthRequestToken,Session.oAuthRequestTokenSecret)&gt;
&lt;cfset session.StoredAccessToken = AccessToken.getToken()&gt;
&lt;cfset session.StoredAccessSecret = AccessToken.getTokenSecret()&gt;
&lt;cfdump var="#session#"&gt;&lt;cfabort&gt;


So the script begins by getting an instance of the Twitter Java library. I have this in Application scope already but as this is a one time script I wanted to keep it simple. Notice the two strings. Replace those with the real value. Now open this baby up in your browser - and to be clear, you can do this all locally just fine.

When you run this you will get sent to the Twitter authorization page. Obviously you want to allow your application. Twitter will then send you right back to the script with mode=1 in the URL. This will trigger the dump you see. Within that dump you want to grab the values for storedaccesstoken and storedaccesssecret.

  1. Return back to your application.cfc. You need to provide all 4 values to your Twitter object:

<cfset var paths = [expandPath("./components/twitter4j-core-2.1.4-SNAPSHOT.jar")]> <cfset application.javaloader = createObject("component", "components.javaloader.JavaLoader").init(paths)>

<cfset application.Twitter = application.javaloader.create("twitter4j.Twitter")> <cfset application.Twitter.setOAuthConsumer('consumerkey',consumersecret')> <cfset application.Twitter.setOAuthAccessToken("storedaccesstoken" ,"storedaccesssecret")>

  1. The final step is to update your code from the old way of sending Tweets to the new way. Luckily this is very trivial. I changed:

<cfset twit_result = application.twitter.statuses_update(message)>


<cfset application.twitter.updateStatus(message)>

And that's it. Once things were explained to me the actual coding took approximately 5 minutes.

Raymond Camden's Picture

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA

Archived Comments

Comment 1 by Mr. Michael Santoroski posted on 9/8/2010 at 12:33 AM

Could this be applied to FacebookConnect?

Comment 2 by Raymond Camden posted on 9/8/2010 at 12:33 AM

No idea. It's been a long time since I played with the Facebook API.

Comment 3 by Jeff Gladnick posted on 9/8/2010 at 1:18 AM

re: facebook connect. Not really. And facebook connect is being depreciated in favor of "Graph"

Look at this guy's blog:

And this open source project:

Comment 4 by Mike Jaixen posted on 9/8/2010 at 9:21 PM

Thanks for this great tutorial. It's somewhat complex to get set up, but once you do it, it's actually very simple.

My one question is that it appears that you can send a location with your status updates by simply adding a location parameter.

<cfset Twitter.updateStatus(statusUpdate, location)>

However, I'm not sure how to create a GeoLocation from ColdFusion. Haven't worked at all with Java API's, but it appears that GeoLocation is part of the twitter4j package...just don't know how to get to it.

Comment 5 by Ed Bartram posted on 9/9/2010 at 12:19 AM

Ray, I've been struggling with this for a few days and really appreciate you posting your solution. I had looked at twitter4j, but rejected it in favor of working with the OAuth project on RIAForge ( When I saw your blog post I looked at twitter4j again, this time using javaloader and was able to solve my problem. I may still continue looking at OAuth, but my production app is back up and running. Thanks again! -Ed

Comment 6 by Ennio posted on 9/9/2010 at 6:16 PM

I keep getting this error

401:Authentication credentials were missing or incorrect. {"request":"/1/statuses/update.json","error":"Invalid / expired Token"} null

How often do you need to validate the Token?

Comment 7 by Raymond Camden posted on 9/9/2010 at 6:17 PM

It was my understanding that it lasted forever. I've yet to see an app that used oauth ask me to do it again. Look at my app.cfc code - are you setting BOTH the OAuthConsumer and Access stuff?

Comment 8 by Ennio posted on 9/9/2010 at 6:38 PM


I have the same info that you have on the app.cfc

When I call the Twitter.test() it does return OK... but any other function like getScreenName(), or updateStatus()... I get that error.

I do have my storedaccesstoken and storedaccesssecret saved on my DB... and if I try to authorize the application again I get the same token that I have on my DB.

Comment 9 by Raymond Camden posted on 9/9/2010 at 6:44 PM

Not sure what to recommend then. You may want to check the support options at twitter4j. I know it is still working fine for CFBloggers.

Comment 10 by Raymond Camden posted on 9/9/2010 at 6:49 PM

@Mike: You can't get geolocation from CF itself. The browser has to help. Google for geolocation and javascript for help there. As for doing geolocation of addresses - you can use a Google service for that and there is an open source CFC for it on RIAForge.

Comment 11 by Mike Jaixen posted on 9/9/2010 at 7:02 PM

I figured out the Geolocation issue after doing a little more investigation on how to create Java objects with ColdFusion. I just needed to create the GeoLocation object then init it with the lat/long.

<cfset location = createObject("java", "twitter4j.GeoLocation").init(Lat, Lon)>
<cfset Twitter.updateStatus(statusUpdate, location)>

Since my particular app is all server based and gets the lat/long from a GPS, there is no need to use any lookups. I just needed to figure out how to send it to Twitter along with the update. Worked great yesterday, but today it doesn't. I think that Twitter has disabled location tweets today, likely for a technical issue, since I don't see anybody else with locations on them either.

Comment 12 by Angela posted on 9/15/2010 at 7:16 PM

You actually don't need the temporary script, you can get your access token by going to
Click on your application. The page that comes up has your Consumer Key and Consumer Secret, but if you look at the nav options to the right, there should be an option "My Access Token", that page will give you your Access Token and Access Token Secret.

Here is a twitter link that describes how to use OAuth for single users:

Comment 13 by Raymond Camden posted on 9/15/2010 at 7:24 PM

Interesting. So if you are right, that means this entire entry is now probably worthless - which I'm ok with if it means we can skip a lot of work, and just make use of the Java library.

Is that right?

Comment 14 by Angela Haralson posted on 9/15/2010 at 8:31 PM

Well, you don't need the temporary script like I said, but all the other information was useful to me. I had previously looked at the Twitter4J library and the Rob O'Brien post, but it took reading through your blog post for me to put it all together and get it working!

Thanks also for the tip on using JavaLoader!

Comment 15 by Raymond Camden posted on 9/17/2010 at 5:25 AM

@Angela - and anyone - I updated the text above to make it clear we can skip stuff. I didn't want to wholesale edit the entry because I thought it would get a bit messy.

Is it clear?

Thank you again, Angela.

Comment 16 by Scott P posted on 9/25/2010 at 6:26 AM

Thanks Ray and Angela.

For anyone else that stumbles across this - once you sign up at you'll need to grab the Consumer key and the consumer secret from the application details page then the oauth_token and oauth_token_secret from the my access tokens page.

just skip to step 7 once you get those.

<cfset application.Twitter.setOAuthConsumer('REPLACE_consumerkey','REPLACE_consumersecret')>
<cfset application.Twitter.setOAuthAccessToken("REPLACE_oauth_token" ,"REPLACE_oauth_token_secret")>

Comment 17 by Phillip Senn posted on 1/15/2011 at 1:44 AM

I wonder if we in the ColdFusion community (meaning you Ray), could do something like this:

Comment 18 by Raymond Camden posted on 1/15/2011 at 2:34 AM

Check my blog entry on OpenAmplify: http://www.coldfusionjedi.c...

It would let you to the textual analysis of the twitter text.

Comment 19 by Esmeralda posted on 1/28/2011 at 10:25 PM

Just in case anyone else runs into this... if your server is quickly running out of memory and you have copied and pasted this code verbatim, change the application scoped variables to server. This being due to garbage collection and URLClassLoaders. See the link or .

Comment 20 by Raymond Camden posted on 1/28/2011 at 10:27 PM

Thanks for the warning Esmeralda!

Comment 21 by Richard posted on 3/4/2011 at 4:07 PM

Hi Ray, great tutorial but I'm having some problems running on MX7, any reasons for this that you may know of? I've found multiple examples but none of them work it's driving me mad :)

Comment 22 by Raymond Camden posted on 3/4/2011 at 5:01 PM

What kind of problems?

Comment 23 by Richard posted on 3/4/2011 at 8:59 PM

I've installed the JAR files, but I get the "Error Occurred While Processing Request" message for twitter4j.Twitter

It tells me

java.lang.InstantiationException: twitter4j.Twitter

Any ideas? Would greatly appreciate any help you can give me with this. It seems to work for everyone else which is why it's driving me so crazy.

Comment 24 by Derrick Peavy posted on 3/5/2011 at 3:07 AM

You all are genuises. But for some of us, this is more complicated than it needs to be. What I need/want is for a user to authenticate via twitter, make a tweet from my app. So MY OWN token is not what I need, I need their token, and that's not going to be stored in an application var.

Here is my BUTT AS* simple App (old school style), registering the class under the old style (just cause it's gonna stay there, so why not?) instead of using the dynamic Java loader.

3 files.

Applicaction.cfm CONTENTS:::

<!--- 1. your app token and secret --->
<cfparam name="session.oAuthRequestToken" default="">
<cfparam name="session.oAuthRequestTokenSecret" default="">

<!--- 2. the user tokens --->
<cfparam name="session.userAccessToken" default="">
<cfparam name="session.userAccessSecret" default="">

index.cfm file CONTENTS::

<!--- always create the java object --->
<cfset Twitter = createObject("java", "twitter4j.Twitter")>
<cfset Twitter.setOAuthConsumer(application.twitterConsumerKey, application.twitterConsumerSecret)>

<cfif structKeyExists(url,'mode') IS FALSE>
<cfset requestToken = Twitter.getOAuthRequestToken()>
<cfset session.oAuthRequestToken = RequestToken.getToken()>
<cfset session.oAuthRequestTokenSecret = RequestToken.getTokenSecret()>
<cflocation url="#RequestToken.getAuthorizationURL()#" addtoken="No">
<cfset accessToken = Twitter.getOAuthAccessToken(session.oAuthRequestToken,session.oAuthRequestTokenSecret)>
<cfset session.userAccessToken = accessToken.getToken()>
<cfset session.userAccessSecret = accessToken.getTokenSecret()>

demo.cfm CONTENTS::

<cfset Twitter = createObject("java", "twitter4j.Twitter")>
<cfset Twitter.setOAuthConsumer(#application.twitterConsumerKey#, #application.twitterConsumerSecret#)>
<cfset Twitter.setOAuthAccessToken(#session.StoredAccessToken# ,#session.StoredAccessSecret#)>

<cfset Twitter.updateStatus("Test: thank you to Rob OBrien and Ray Camden and Twitter4J!")>

Comment 25 by Derrick Peavy posted on 3/5/2011 at 3:09 AM

Sorry, one mistake, I set my own application's (that is, my Twitter appliction API keys in my CF Application file as well. So the application file also has these three lines:

<cfset application.twitterApiKey="abcdefg">
<cfset application.twitterConsumerKey="hijklmnop">
<cfset application.twitterConsumerSecret="qrstuvwxyz">

Comment 26 by Jeff Shain posted on 3/19/2011 at 2:17 PM

Any plans to update this for the latest edition of twitter4j?

Comment 27 by Raymond Camden posted on 3/19/2011 at 5:05 PM

My blog entry? If their API didn't change, there isn't much need - is there?

Comment 28 by Jeff Shain posted on 3/21/2011 at 6:42 AM

Well Twitter's API didn't change but the java methods have changed for Twitter4j. You don't have to do anything, obviously, it's your call. Just asking.

Comment 29 by Raymond Camden posted on 3/21/2011 at 6:49 AM

I wasn't aware it _did_ change. :)

Comment 30 by Jeff Shain posted on 3/21/2011 at 7:11 AM

Yeah. I'm using javaloader:

<cfset begintwitter = application.javaloader.create("twitter4j.TwitterFactory")>
<cfset Twitter = begintwitter.getinstance()>
<cfset Twitter.setOAuthConsumer('key','secret')>

I am able to properly redirect to twitter, login and send the oauth back, but for some reason I can't seem to figure out why I'm getting this:

The screen name / password combination seems to be invalid. null <br>The error occurred on line 36.

Line 36 is:

<cfset session.StoredAccessSecret = AccessToken.getTokenSecret()>

I don't know if getTokenSecret() is deprecated or not. I can't find it in the class wiki.

Comment 31 by Jeff Shain posted on 3/21/2011 at 7:12 AM

Correction, line 36 is:

<cfset AccessToken = Twitter.getOAuthAccessToken(session.oAuthRequestToken,session.oAuthRequestTokenSecret)>

Comment 32 by Raymond Camden posted on 3/22/2011 at 11:56 PM

Did you try skipping the step as the commenter said earlier - ie just get the consumer values via the site?

I went through this myself for jquerybloggers this past week and it worked fine - but I used the Java code from my zip.

Comment 33 by Rob posted on 3/31/2011 at 7:47 AM

Hi Ray,

I've been trying to figure this out all day and I am stumped. Firstly it seems the setOAuthConsumer method is not used anymore in the latest release of twitter4j. - it says it's VOID.

I have opened the jar file as a zip and I don't even see the method in there to call. So I was able to find version twitter4j-core-2.1.4-SNAPSHOT.jar online and I opened that and the setOAuthConsumer method isn't in there either. Am I missing something?

I get the following error:
The setOAuthConsumer method was not found.

Either there are no methods with the specified method name and argument types or the setOAuthConsumer method is overloaded with argument types that ColdFusion cannot decipher reliably. ColdFusion found 0 methods that match the provided arguments. If this is a Java object and you verified that the method exists, use the javacast function to reduce ambiguity.

I have tried on CF7, CF8, and CF9. My main requirement is to get it up on CF7 as a client of mine is using that version. I initially got Matt's monkeyTweets working and it's awesome but unfortunately it breaks on CF7.

Any ideas? Thx.

Comment 34 by Raymond Camden posted on 3/31/2011 at 3:07 PM

What about trying the version from CFB's repo:

Grab the JAR there.

Comment 35 by Rob posted on 3/31/2011 at 6:28 PM

Ray - YOU ROCK! Thanks man. My saga has ended.

Initially I was getting the same issue as Ennio above:
401:Authentication credentials were missing or incorrect.

I then dug around a little more and found out that my dev server's clock was not accurate which was causing that error. It said it was the year 2001, and the time was wrong too. Once I fixed that, I was successfully forwarded on.

This is CF7 btw, antiquated, I know but the client didn't want to change.

Comment 36 by Raymond Camden posted on 3/31/2011 at 6:39 PM

Clock issues. Sigh. Sometimes it's the smallest thing...

Comment 37 by Dom posted on 4/8/2011 at 9:04 PM

Thanks everyone for this post. It saved me a load of time. Initially I had the same error as Rob (missing method using latest version of twitter4j - replaced it with the older version as per Ray's suggestion). Then saw the 401 authentication errors - I changed the access to my twitter app to client rather than web and regenerated the token and then everything worked fine. Also took on board the suggestion about using the server scope. <cftwitter /> in X anyone?

Comment 38 by John Sieber posted on 5/18/2011 at 12:26 AM

Just found this post while working on setting up twitter4j. Thanks again for another great post!

Comment 39 by John Sieber posted on 5/18/2011 at 12:27 AM

Can anyone confirm the memory leak problems with using the application scope? Just wondering if I should make the change to the server scope?

Comment 40 by David Graham posted on 6/3/2011 at 11:17 PM

I couldn't get twitter4j 2.2.x to work with CF - the getOAuthAccessToken() method is too overloaded and CF doesn't type well enough. However, I was able to download version 2.1.12 ( and it works great.

I also had the server time issues - 26 minutes off and it would not work.

Comment 41 by Jimmy Rousseau posted on 7/19/2011 at 10:40 PM

Thanks for this, you guys are awesome.

Comment 42 by Sean Ryan posted on 9/19/2011 at 5:22 AM

The current version of twitter4j is 2.2 and they changed the Twitter object from a class to an interface. You can no longer get an instance of the implementing class by invoking the Twitter object. If you change <cfset application.Twitter = application.javaloader.create("twitter4j.Twitter")> to <cfset application.Twitter = application.javaloader.create("twitter4j.TwitterFactory").getInstance()> it should work.

Great post Ray, and nice meeting you at NCDEVCON this weekend.

Comment 43 by Raymond Camden posted on 9/19/2011 at 5:57 AM

Same here - and thanks for that fix!

Comment 44 by Sean Ryan posted on 9/19/2011 at 8:44 PM

My comment above is incomplete and I just wanted to point people to a more verbose explanation with a code snippet of what I was referring to about version 2.2.x of twitter4j.

I post a very short blog entry here: http://techblog.troywebcons...

Comment 45 by stu posted on 1/26/2012 at 4:40 PM

Hi Ray,

If we cont use javaloader and put the jar in the class file how does the java code change


Comment 46 by Raymond Camden posted on 1/26/2012 at 5:22 PM

Um - you can't do it at all I believe.

Comment 47 by Sean Ryan posted on 1/26/2012 at 6:59 PM

Ray's correct. In this case, ColdFusion isn't interacting with Twitter. It's really interacting with the twitter java library (the jar file). It's the library that does the heavy lifting. Without the ability to add the library to your classpath or ability to use the classloader, you're unfortunately out of luck :(

Comment 48 by Talal M posted on 6/12/2013 at 12:56 PM

twitter requested developers to migrate to API V1.1 and now I cannot post using your method. Any suggestions of how to resolve this issue now ?

Comment 49 by Calvin Trinh posted on 6/14/2013 at 9:49 PM

We are having the same problem as Talal. Twitter retired API V1.0, we not getting any new twitter post after 6/12. I'm hoping someone will have a resolution soon.