User: the user using your application.
Token: there are several different sets of tokens usually in key/secret pairs.
Consumer token: the token pair Twitter gives you when you register an application.
Request token: the first token pair Twitter returns. used to build an authorize URL used to request the access token.
Access token: unique to user. Used to access users data.
Get the code
Pull code from
http://github.com/abraham/twitteroauthgit clone git://github.com/abraham/twitteroauth.git
Process overview
This is a very simplistic overview of authenticating with Twitter's OAuth.
- Build TwitterOAuth object.
- Request tokens from twitter.
- Build authorize URL.
- Send user to Twitter's authorize URL.
- Get access tokens from twitter.
- Rebuild TwitterOAuth object.
- Query Twitter API with new access tokens.
Process
For this example we will be using the the index.php from the example folder and it will be located in the web root.
public/index.php
public/twitteroauth/
Go to
https://twitter.com/oauth_clients and register a new application. Fill out what the form. For a callback URL we will be using http://example.com/index.php. Once registered you will get a consumer key and a consumer secret. Those go in index.php
Now we create a TwitterOAuth object. The class constructor chooses HMAC-SHA1 as the signature method, and builds a OAuthConsumer object with the app consumer key/secret.
$to = new TwitterOAuth($consumer_key, $consumer_secret);
With that object we use curl to request a token from twitter. The API URL we hit is https://twitter.com/oauth/request_token. getRequestToken() pulls the tokens from twitter, parses it into an array, and creates a new OAuthConsumer object.
$tok = $to->getRequestToken();
Save the tokens for when the user returns from Twitter.
Set up the authorization URL. This is the URL the user will visit to tell twitter the application can access their data. https://twitter.com/oauth/authorize is used.
$request_link = $to->getAuthorizeURL($token);
Once the user tells twitter yes and returns we request the access tokens. The access tokens can be thought of the users passwords and will be used to authenticate as them for future API calls. https://twitter.com/oauth/access_token is used.
$tok = $to->getAccessToken();
At this point you can check
https://twitter.com/account/connections and the application should be listed.
Build a new TwitterOAuth object using consumer key/secret and access key/secret.
$to = new TwitterOAuth($consumer_key, $consumer_secret, $user_access_key, $user_access_secret);
Now to interact with the API as the user to verify their credentials. This should return their profile. You can now save the access key/secret as being associated with the returned user info.
$content = $to->OAuthRequest('https://twitter.com/account/verify_credentials.xml', array(), 'GET');
To send a status update change the API URL and add a key/value array.
$content = $to->OAuthRequest('https://twitter.com/statuses/update.xml', array('status' => 'Test OAuth update. #testoauth'), 'POST');
There you have it. Basic interaction with Twitter's OAuth beta. To run other commands just change the API URL and array() keys/values in the last call.
Links
My website:
http://abrah.amTwitter:
http://twitter.comOAuth:
http://oauth.netTwitter API docs:
http://apiwiki.twitter.comTwitter API discussion:
http://groups.google.com/group/twitter-development-talkFire Eagle OAuth docs:
http://fireeagle.yahoo.net/developer/documentation/php_walkthru
One of the cofounders of 
