How To: PHP OAuth Twitter

So, you’re building a web based twitter client in PHP.  Easy, just use a simple Twitter API client and call the Twitter API directly.  But what if you don’t want to store the user’s Twitter authentication information anywhere?  It’s a security risk anyway and some people don’t want to give up their account details to a 3rd party.  So what to do?  The solution is to use OAuth with Twitter.

How do you do this?  I’d recommend taking the following steps:

  1. Get this great OAuth Twitter PHP library from Abraham Williams
  2. Sign up for a Twitter application and get an application setup.  You’ll need the “Consumer Key” and “Consumer Secret” values from Twitter. You will also need to set a “callback url” that Twitter will send the user back to.  Make sure you set this correctly.
  3. Include the “twitterOAuth.php” library provided by Adbraham Williams in your code

Now, the process through which OAuth works with Twitter (and any other platform) is as follows:

Firstly, you need to get the user to authenticate with twitter and permit your application to perform actions on their behalf.  To do this, you need to send the user to twitter with a special “authorisation token”.

You request an authorisation token from Twitter, using your Consumer Key and Consumer Secret values you obtained when you signed up for a Twitter Application:

$connection = new TwitterOAuth($consumer_key, $consumer_secret);
$request_token = $connection->getRequestToken();

The $request_token returned contains the “request token” information, which you should store somewhere:

$userData['Twitter_Request_Token'] = $token = $request_token['oauth_token'];
$userData['Twitter_Request_Token_Secret'] = $request_token['oauth_token_secret'];
$db->Save_User_Data($userData); // Replace with your own saving method

Now that you have your request token, you can send the user off to Twitter to authenticate:

$authenticateUrl = $connection->getAuthorizeURL($token);
header("Location: $authenticateUrl");

Twitter will now authenticate the user and confirm they want your application to have access to their account.  Your next interaction will be on the “callback url” you setup when you created your Twitter application.  In this script you will need to use the “twitter request tokens” you saved previously to then request the “Access token” from Twitter:

$to = new TwitterOAuth($consumer_key, $consumer_secret,
$userData['Twitter_Request_Token'], $userData['Twitter_Request_Token_Secret']);
$tok = $to->getAccessToken();

Now that you’ve got the access token, you should save it as you’ll use this in future requests to Twitter:

$userData['Twitter_Access_Token'] 	= $tok['oauth_token'];
$userData['Twitter_Access_Token_Secret'] = $tok['oauth_token_secret'];

Now confirm you have access to the user on Twitter:

$to = new TwitterOAuth($consumer_key, $consumer_secret,
$userData['Twitter_Access_Token'], $userData['Twitter_Access_Token_Secret']);
$result = json_decode($to->OAuthRequest('', array(), 'GET'));
if ($result->id){
// Everything is fine

Now you have access to Twitter via OAuth!  You can now run commands like this:

$to = new TwitterOAuth($consumer_key, $consumer_secret, $userData[‘Twitter_Access_Token’], $userData[‘Twitter_Access_Token_Secret’]);
$result = json_decode($to->OAuthRequest(‘’, array(‘status’ => $tweet), ‘POST’));
$to = new TwitterOAuth($consumer_key, $consumer_secret, $access_token, $access_token_secret);
$result = json_decode($to->OAuthRequest(
       array('status' => $tweet), 'POST'));

The above should give you a few pointers on how to actually get up and running using OAuth/PHP on Twitter.  I hope this post helps a few people get it all working.

8 Replies to “How To: PHP OAuth Twitter”

  1. Although this is an old post, it was very useful to me!
    However, there are some corrections to be made.
    The order of the arguments to the oAuthRequest funcion has changed in later versions of twitteroauth, switching the method with the arguments:

    $to->OAuthRequest(‘’, array(‘status’ => $tweet), ‘POST’);


    $to->OAuthRequest(‘’, ‘POST’, array(‘status’ => $tweet));

  2. This was working great until:

    Warning: array_merge() [function.array-merge]: Argument #2 is not an array in twitteroauth/OAuth.php on line 301

    Any ideas?

  3. How can I display $result at the last example above? I’m having some problems with the post and I need to know what error is being returned. How to display errors?

Leave a Reply