Ability to use twurl without having to run authorize first if you already have consumer key/secret and access token/secret from developer.twitter.com

Expected behavior

specifying -c -s -a -S should make have to call "authorize" first unnecessary.

Actual behavior

not only is authorize necessary but the flags -c -s -a -S are ignored if specified for requests.

Steps to reproduce the behavior

1. Do the twurl authorize flow

2. Regenerate your access tokens on developer.twitter.com

3. Try to issue commands with -c -s -a -S. Have them fail. Run them with -t and you'll its using the old token, not the one specified on the command line.

This makes it harder to use twurl in automated scripts when you've already generated all the needed the credentials and don't need user interaction.

Oh, .twurlrc is also a plain text file that contains secrets in it. It would be much more secure if there was a mode that didn't generate this at all.

Context: I'm using this part of a glitch.com bot and all generated files are by default world visible.

On Glitch, I've successfully used the established method of putting secrets in the .env file - that way they are not accessible outside of the application code.

Yes, my script gets the values from the .env file. But how did you stop a .twurlrc file from being generated?

Ping. Just had to do this again. twurl generates a .twurlrc that is world visible the next time you refresh

In my case, I run twurl locally; take the secrets and put them in .env on Glitch. I never run twurl itself on Glitch, as that would (as you say) leave the .twurlrc file on the Glitch instance.

Here is my initial attempt PR: #131

https://rubygems.org/gems/twurl/versions/0.9.5
We've published a new version, closing.