So, you’re building a web-based Twitter client in PHP.  Easy, just use a simple Twitter API client and call the Twitter API directly.  But what if you don’t want to store the user’s Twitter authentication information anywhere?  It’s a security risk anyway, and some people don’t want to give up their account details to a third party.  So what to do?  The solution is to use OAuth with Twitter.

How do you do this?  I’d recommend taking the following steps:

  1. Get this great OAuth Twitter PHP library from Abraham Williams
  2. Sign up for a Twitter application and set it up.  You’ll need the “Consumer Key” and “Consumer Secret” values from Twitter. You will also need to set a “callback URL” that Twitter will send the user back to.  Make sure you set this correctly.
  3. Include the “twitterOAuth.php” library provided by Abraham Williams in your code

Now, the process through which OAuth works with Twitter (and any other platform) is as follows:

Firstly, you need to get the user to authenticate with Twitter and permit your application to perform actions on their behalf.  To do this, you need to send the user to Twitter with a special “authorisation token”.

You request an authorisation token from Twitter, using your Consumer Key and Consumer Secret values you obtained when you signed up for a Twitter Application:

$connection = new TwitterOAuth($consumer_key, $consumer_secret);
$request_token = $connection->getRequestToken();

The $request_token returned contains the “request token” information, which you should store somewhere:

$userData['Twitter_Request_Token'] = $token = $request_token['oauth_token'];
$userData['Twitter_Request_Token_Secret'] = $request_token['oauth_token_secret'];
$db->Save_User_Data($userData); // Replace with your own saving method

Now that you have your request token, you can send the user off to Twitter to authenticate:

$authenticateUrl = $connection->getAuthorizeURL($token);
header("Location: $authenticateUrl");
exit;

Twitter will now authenticate the user and confirm they want your application to have access to their account.  Your next interaction will be on the “callback URL” you set up when you created your Twitter application.  In this script you will need to use the request token and request token secret you saved previously to request the “access token” from Twitter:

$to = new TwitterOAuth($consumer_key, $consumer_secret,
$userData['Twitter_Request_Token'], $userData['Twitter_Request_Token_Secret']);
$tok = $to->getAccessToken();

Now that you’ve got the access token, you should save it as you’ll use this in future requests to Twitter:

$userData['Twitter_Access_Token'] 	= $tok['oauth_token'];
$userData['Twitter_Access_Token_Secret'] = $tok['oauth_token_secret'];
$db->Save_User_Data($userData);

Now confirm you have access to the user on Twitter:

$to = new TwitterOAuth($consumer_key, $consumer_secret,
$userData['Twitter_Access_Token'], $userData['Twitter_Access_Token_Secret']);
$result = json_decode($to->OAuthRequest('https://twitter.com/account/verify_credentials.json', array(), 'GET'));
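// json_decode() returns null on a failed or non-JSON response, so check that first
if ($result && isset($result->id)) {
    // Everything is fine
}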

Now you have access to Twitter via OAuth!  You can now run commands like this:

$to = new TwitterOAuth($consumer_key, $consumer_secret,
$userData['Twitter_Access_Token'], $userData['Twitter_Access_Token_Secret']);
// Post a status update on the user's behalf
$result = json_decode($to->OAuthRequest(
      'https://twitter.com/statuses/update.json',
       array('status' => $tweet), 'POST'));
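On the callback URL, it is worth confirming that the oauth_token Twitter sends back is the request token you saved for this user before calling getAccessToken(). The following is an added example, not part of the original post or of the twitterOAuth.php library; the function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: validate the callback before exchanging the request token.
// match_request_token() and clear_request_token() are hypothetical helpers.

/**
 * Returns the saved request token pair when the callback's oauth_token
 * matches it, or null when the callback must be rejected.
 */
function match_request_token(array $query, array $userData): ?array
{
    $returned = $query['oauth_token'] ?? null;
    $saved    = $userData['Twitter_Request_Token'] ?? null;
    $secret   = $userData['Twitter_Request_Token_Secret'] ?? null;

    // Reject callbacks without a token, and users with no pending request.
    if (!is_string($returned) || !is_string($saved) || !is_string($secret)
        || $returned === '' || $saved === '') {
        return null;
    }
    // Constant-time comparison; a mismatch means this callback does not
    // belong to the authorisation this user started.
    if (!hash_equals($saved, $returned)) {
        return null;
    }
    return ['token' => $saved, 'secret' => $secret];
}

/** Request tokens are single use: drop them once the exchange was attempted. */
function clear_request_token(array $userData): array
{
    unset($userData['Twitter_Request_Token'],
          $userData['Twitter_Request_Token_Secret']);
    return $userData;
}

// Constructed sample data standing in for the saved user row and $_GET.
$userData = [
    'Twitter_Request_Token'        => 'sample-request-token',
    'Twitter_Request_Token_Secret' => 'sample-request-secret',
];
$good = match_request_token(['oauth_token' => 'sample-request-token'], $userData);
$bad  = match_request_token(['oauth_token' => 'some-other-token'], $userData);
var_dump($good !== null, $bad === null);

// After the exchange, the same callback can no longer be replayed.
$userData = clear_request_token($userData);
var_dump(match_request_token(['oauth_token' => 'sample-request-token'], $userData));
```

Only when match_request_token() returns a pair should the callback script build the TwitterOAuth object with those values and call getAccessToken().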

The above should give you a few pointers on how to actually get up and running using OAuth/PHP on Twitter.  I hope this post helps a few people get it all working.