Not to worry Velomobilers, I’ve got a post about design influences of the Atomic Duck ready for next week and designing continues. This week just finishes off a set of posts about the upgrades I’ve been making to TweetUpdater.


OAuth is really not as simple as basic authentication. No more “save username and password and add them to every request to twitter”. There’s a little too-ing and fro-ing first.

To get the process of authentication right, I put together a command line php script to let me try authenticating, verifying and tweeting.

The TwitterOAuth functions I’ve used in this script are from the the TwitterOAuth PHP library from Abraham Williams, found here http://github.com/abraham/twitteroauth. To run this script, include twitteroauth.php and OAuth.php in the same folder.

<?php
/** Authenticate Twitter user: OAuth Workflow
 *
 * Run from command line:
 * 	$> php <filename>.php (register|validate|test|tweet)
 *
 * Errors are not really accounted for, so run:
 * 	1. Register
 * 	2. Then goto the returned url and authenticate with twitter.
 * 	3. Validate
 * 	4. Test/Tweet
 *
 */

require_once('twitteroauth.php');

$consumer_key = 'set your test consumer key here';
$consumer_key_secret = 'set your test consumer key secret here';

$action = isset($_GET["action"]) ? $_GET["action"] : $argv[1];

if ($action == "register")
}
	echo "Registering... \n";

	// First, build a new TwitterOAuth object with client credentials.
	$connection = new TwitterOAuth($consumer_key, $consumer_key_secret);

	//get a request token from Twitter
	$request = $connection->getRequestToken();

	// Retrive the tokens from request
	$request_token = $request["oauth_token"];
	$request_token_secret = $request["oauth_token_secret"];

	// And store the two request tokens somewhere.
	// I'll just put them in files for this test
	file_put_contents("request_token", $request_token);
	file_put_contents("request_token_secret", $request_token_secret);

	// Output the request tokens for verification
	echo "Request token: $request_token \n";
	echo "Request token secret: $request_token_secret \n";

	// And finally, generate a request link and output it.
	$request_link = $connection->getAuthorizeURL($request);
	echo "Allow access by following the instructions at this url: \n$request_link \n";
	die();
}
elseif ($action == "validate")
{

	echo "Validating \n";

	//To validate, get the request tokens from files they were stored in:
	$request_token = file_get_contents("request_token");
	$request_token_secret = file_get_contents("request_token_secret");

	// Initiate a new TwitterOAuth object. Provide the request token and request token secret
	$connection = new TwitterOAuth($consumer_key, $consumer_key_secret, $request_token, $request_token_secret);

	// Ask Twitter for an access token (and an access token secret)
	$request = $connection->getAccessToken();

	// Retrieve access token from request:
	$access_token = $request['oauth_token'];
	$access_token_secret = $request['oauth_token_secret'];

	echo "Access Token is: $access_token \n";
	echo "Access Token Secret is: $access_token_secret \n";

	// Now store the access tokens. I've just put them in files for now, but the security
	// of these access tokens is important. They provide read/write access to the
	// authorised account, so they should be held somewhere safe.
	file_put_contents("access_token", $access_token);
	file_put_contents("access_token_secret", $access_token_secret);
	die();
}
elseif ($action == "test")
{
	// Read the stored access tokens
	$access_token = file_get_contents("access_token");
	$access_token_secret = file_get_contents("access_token_secret");

	// Initiate TwitterOAuth using the access tokens
	$connection = new TwitterOAuth($consumer_key, $consumer_key_secret, $access_token, $access_token_secret);

	// Perform a get request to /verify_credentials
	// n.b. Abraham's TwitterOAuth functions will parse the response from
	// its original format, and into an array
	$result = $connection->get('account/verify_credentials');

	if ($result->id)
	{
		echo "Connection checked OK \nAuthorised as @" . $result->screen_name . "\n";
	}
	else
	{
		echo "Not verified \n";
		print_r($result);
	}
}
elseif ($action == "tweet")
{
	// Read the stored access tokens
	$access_token = file_get_contents("access_token");
	$access_token_secret = file_get_contents("access_token_secret");

	// Initiate a TwitterOAuth using the access tokens
	$connection = new TwitterOAuth($consumer_key, $consumer_key_secret, $access_token, $access_token_secret);

	// Set the format of the test Message
	// I've included the rand()m number so sequential tests won't
	// be identical and ignored by twitter when testing
	$tweet = "Testing TweetUpdater via #OAuth. (" . rand() . ")";
	echo "Sending:  \"$tweet\"...\n";

	// Posting an update uses the post function
	$result = $connection->post('statuses/update', array('status' => $tweet));

	// Then check the results came back OK, or show the error message
	if ($result->text)
	{
		echo "Tweet reads:\n" . $result->user->screen_name . ": " . $result->text . "\n";
	}
	else
	{
		echo "Unexpected Results:\n";
		print_r($result);
	}
}

?>

Now it’s just the small matter of fitting all that into a plugin…!


Code and references from:

  1. http://kovshenin.com/archives/automatic-tweet-oauth/

  2. http://kovshenin.com/archives/twitter-api-pin-based-oauth-php/

  3. http://kovshenin.com/archives/twitter-robot-in-php-twibots-draft/

  4. http://blog.evandavey.com/2010/02/how-to-php-oauth-twitter.html

  5. http://github.com/abraham/twitteroauth/blob/master/redirect.php

  6. http://github.com/abraham/twitteroauth/blob/master/callback.php

  7. http://github.com/abraham/twitteroauth/blob/master/test.php