Аутентификация application-only в Twitter

Twitter поддерживает несколько аутентификационных методов и ряд OAuth аутентификационных стилей.

Client Credentials Grant
OAuth 2 specification

With Application-only authentication you don't have the context of an authenticated user and this means that any request to API for endpoints that require user context, such as posting tweets, will not work.

Your app will be able to, for example:
  • Pull user timelines;
  • Access friends and followers of any account;
  • Access lists resources;
  • Search in tweets;
  • Retrieve any user information;

And it won't be able to:
  • Post tweets or other resources;
  • Connect in Streaming endpoints;
  • Search for users;
  • Use any geo endpoint;
  • Access DMs or account credentials;

The application-only auth flow follows these steps:
  1. An application encodes its consumer key and secret into a specially encoded set of credentials.
  2. An application makes a request to the POST oauth2/token endpoint to exchange these credentials for a bearer token.
  3. When accessing the REST API, the application uses the bearer token to authenticate.