How to Integrate Twitter OAuth 2.0 in PHP + (Regenerate Access Token using OAuth 2.0)
Do you want to integrate Twitter OAuth 2.0 into your application? While interacting with Twitter API 2, you need to deal with OAuth 2.0. In this tutorial, I’ll show you how to use Twitter OAuth 2.0 with PHP on your website.
Twitter comes with 2 authentication methods – OAuth 1.0a and OAuth 2.0. I already wrote an article on using OAuth 1.0a with Twitter.
How Twitter OAuth 2.0 Works?
In Twitter OAuth 2.0, you need to build a login flow and grab the access token upon successful authorization. This access token then acts as an identifier of the user account. You don’t need to ask the user to repeat the login flow again. With the access token, you can perform specific operations based on the scopes you requested during authentication.
One important thing you should know is that the access token cannot be used forever. It has a certain lifespan, after which it expires. Once it has expired, your API requests will fail. To handle this scenario, you have to regenerate the access token using the refresh token. We’ll write code that handles the expired access token and regenerates it.
Database Configuration
As we are going to build the OAuth 2.0 flow, we need to store the token information in the database. Create the twitteroauth table using the SQL below.
CREATE TABLE `twitteroauth` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `provider` varchar(255) NOT NULL,
  `provider_value` text NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
The application needs to interact with the database for the following purposes.
- Insert or update the token information
- Fetch the access token
- Fetch the refresh token
I am creating a class-db.php file and including a few functions to handle this stuff.
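<?php
class DB {
    // Connection settings (placeholders; replace with your own values)
    private $dbHost     = "DB_HOST";
    private $dbUsername = "DB_USERNAME";
    private $dbPassword = "DB_PASSWORD";
    private $dbName     = "DB_NAME";
    private $db;

    public function __construct() {
        if (!isset($this->db)) {
            // Connect to the database
            $conn = new mysqli($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
            if ($conn->connect_error) {
                die("Failed to connect with MySQL: " . $conn->connect_error);
            } else {
                $this->db = $conn;
            }
        }
    }

    // True when no Twitter token row has been stored yet
    public function is_table_empty() {
        $result = $this->db->query("SELECT id FROM twitteroauth WHERE provider = 'twitter'");
        if ($result->num_rows) {
            return false;
        }
        return true;
    }

    // Returns the stored token response as a decoded JSON object
    public function get_access_token() {
        $sql = $this->db->query("SELECT provider_value FROM twitteroauth WHERE provider = 'twitter'");
        $result = $sql->fetch_assoc();
        return json_decode($result['provider_value']);
    }

    public function get_refersh_token() {
        $result = $this->get_access_token();
        return $result->refresh_token;
    }

    // Insert or update the token JSON. The value is bound as a parameter
    // rather than interpolated into the SQL string.
    public function update_access_token($token) {
        if ($this->is_table_empty()) {
            $stmt = $this->db->prepare("INSERT INTO twitteroauth(provider, provider_value) VALUES('twitter', ?)");
        } else {
            $stmt = $this->db->prepare("UPDATE twitteroauth SET provider_value = ? WHERE provider = 'twitter'");
        }
        $token = (string) $token;
        $stmt->bind_param("s", $token);
        $stmt->execute();
    }
}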
Install Guzzle Library
You can test Twitter OAuth 2.0 on a local server. For demo purposes, create a directory named twitteroauth on your local PHP setup, say XAMPP. Inside this directory, run the Composer command below, which installs the Guzzle package.
composer require guzzlehttp/guzzle
The Guzzle package is used to send HTTP Requests to the API endpoint. It also handles the API response.
Upon package installation, create a few PHP files that will be required to build our demo.
- config.php : To store a few values as PHP constants.
- login.php : It initiates the Twitter login flow for authentication purposes.
- index.php : Callback or Redirect URL. Twitter redirects the user to this URL after their authentication.
- get-user.php : In this file, we’ll write the code that fetches user details by passing the access token in the Authorization header.
OAuth 2.0 Client ID and Client Secret
To initiate the OAuth 2.0 authentication, you need to grab your client ID and client secret. Follow the below steps to acquire these values:
- Sign up for a Twitter developer account.
- Create a Twitter App within a developer portal.
- Make sure you add a Twitter App to a Project. It’s compulsory for OAuth 2.0.
- On User authentication settings, set a Redirect URL to http://localhost/twitteroauth/index.php
- Copy your client ID and client secret.
Next, add these values to your config.php as PHP constants. Also, include the database configuration and package environment.
Initiate Login Flow and Store Token Information
Before initiating a login flow, you first have to build the authorization URL. This URL needs a few parameters, which are verified on the Twitter end. These parameters include client_id, scope, redirect_uri, state, and code_challenge.
The scopes parameter has values you’re asking users to approve – read tweets, write tweets, etc.
The state and code_challenge will have a random string that should be verified at your application end. We’ll verify it in the redirect URL (index.php). Twitter sends back these parameters to cross-check that it’s the same request that was initiated.
The following code will go inside the login.php file.
Note that I passed offline.access in the scopes variable. When this scope is set, Twitter provides you with the refresh token. Using this refresh token, we will regenerate the access token in the background.
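As an added example (not the author's login.php listing), the following builds the authorization URL described above with a single-use state and an S256 PKCE pair, and includes the matching state check for index.php. The scope names tweet.read and users.read, the session key 'state' and both function names are assumptions; the verifier is kept in $_SESSION['challenge'] because index.php on this page sends that value as code_verifier.

```php
<?php
// login.php (added example; not the tutorial author's listing)
require_once 'config.php';   // assumed to define CLIENT_ID and REDIRECT_URL
session_start();

// Build the Twitter authorization URL with a fresh state and PKCE pair.
function build_authorize_url(string $clientId, string $redirectUrl): string
{
    // state: unguessable value tying the callback to this browser session (CSRF defence).
    $_SESSION['state'] = bin2hex(random_bytes(16));

    // PKCE verifier: 64 hex characters, inside the 43-128 range RFC 7636 requires.
    // Stored under 'challenge' because index.php on this page sends
    // $_SESSION['challenge'] as code_verifier.
    $_SESSION['challenge'] = bin2hex(random_bytes(32));

    // S256 challenge = base64url(SHA-256(verifier)) without padding.
    $digest = hash('sha256', $_SESSION['challenge'], true);
    $codeChallenge = rtrim(strtr(base64_encode($digest), '+/', '-_'), '=');

    $query = http_build_query([
        'response_type'         => 'code',
        'client_id'             => $clientId,
        'redirect_uri'          => $redirectUrl,
        'scope'                 => 'tweet.read users.read offline.access',
        'state'                 => $_SESSION['state'],
        'code_challenge'        => $codeChallenge,
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);

    return 'https://twitter.com/i/oauth2/authorize?' . $query;
}

// For index.php: accept the callback only if its state matches the session's.
function callback_state_is_valid(array $query): bool
{
    $expected = $_SESSION['state'] ?? '';
    $received = $query['state'] ?? '';
    unset($_SESSION['state']);   // single use: a replayed callback fails
    return is_string($received) && $expected !== '' && hash_equals($expected, $received);
}

$url = htmlspecialchars(build_authorize_url(CLIENT_ID, REDIRECT_URL), ENT_QUOTES);
echo "<a href=\"$url\">Login with Twitter</a>";
```

With S256 the value sent in the URL is only the hash; the verifier never leaves the server until the token request, so an intercepted authorization code cannot be redeemed without it.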
Let’s write the code to send a request for the access token, receive the response, and store it in the database.
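<?php
// index.php: the redirect URL that receives the authorization code.
// config.php is expected to load vendor/autoload.php and class-db.php.
require_once 'config.php';

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

if (isset($_GET['code'], $_GET['state'])) {
    // Assumed: login.php stored the state value in $_SESSION['state'].
    if (hash_equals($_SESSION['state'] ?? '', (string) $_GET['state'])) {
        $client = new GuzzleHttp\Client([
            'base_uri' => 'https://api.twitter.com',
        ]);

        try {
            // get access token
            $response = $client->request('POST', '/2/oauth2/token', [
                "form_params" => [
                    "grant_type" => "authorization_code",
                    "code" => $_GET['code'],
                    "client_id" => CLIENT_ID,
                    "redirect_uri" => REDIRECT_URL,
                    "code_verifier" => $_SESSION['challenge'],
                ],
            ]);

            $res = json_decode($response->getBody());

            $db = new DB();
            $db->update_access_token(json_encode($res));
            echo "Access token inserted successfully.";
        } catch (Exception $e) {
            echo $e->getMessage();
        }
    }
}
Now, you can open login.php in the browser. Click on the login link, complete the authentication, and your token details should be inserted into the database.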
Get User Details with OAuth 2.0
We got the access token and can now interact with the Twitter API using OAuth 2.0. As I stated earlier, we must pass the access token with each API request so Twitter identifies the user and performs the operation. The access token is sent in the Authorization header.
As an example, I’ll fetch the details of the authenticated Twitter user. I’ll wrap the code inside a try/catch block, because control jumps to the catch block once the access token has expired. Twitter returns the 401 status code for an expired access token. Inside the catch block, we’ll regenerate the access token and update it in the database. This operation is performed in the background, without breaking the application.
<?php
require_once 'config.php';

get_user_details();

// $allow_refresh stops a second 401 after a refresh from recursing forever.
function get_user_details($allow_refresh = true) {
    $db = new DB();
    $arr_token = (array) $db->get_access_token();
    $access_token = $arr_token['access_token'];

    $client = new GuzzleHttp\Client([
        'base_uri' => 'https://api.twitter.com',
    ]);

    try {
        // get user details
        $response = $client->request('GET', '/2/users/me', [
            "headers" => [
                "Authorization" => "Bearer ". $access_token
            ]
        ]);

        $res = json_decode($response->getBody());
        // print_r($res);
        $id = $res->data->id;
        echo "Twitter User ID: $id\n";
    } catch (Exception $e) {
        if (401 == $e->getCode() && $allow_refresh) {
            // Access token expired: exchange the refresh token for a new one
            $refresh_token = $db->get_refersh_token();

            $response = $client->request('POST', '/2/oauth2/token', [
                'form_params' => [
                    "grant_type" => "refresh_token",
                    "refresh_token" => $refresh_token,
                    "client_id" => CLIENT_ID,
                ],
            ]);

            // Store the full response (new access token and refresh token)
            $db->update_access_token((string) $response->getBody());

            get_user_details(false);
        }
    }
}
Run this file in the browser and you should see the user details. To test if OAuth 2.0 is working correctly, run this file frequently at intervals of 2 hours.
That’s all about integrating Twitter OAuth 2.0 using PHP. I hope you understand and can easily include it in your project. Please share your thoughts and suggestions in the comment below.
TwitterOAuth
The most popular PHP library for use with the Twitter OAuth REST API.
Installation
With Composer
The recommended and easy as pie method is Composer. Set up the requirement in your project’s composer.json file.
composer require abraham/twitteroauth
Import the TwitterOAuth class.
require "vendor/autoload.php";

use Abraham\TwitterOAuth\TwitterOAuth;
Start making API requests.
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
$content = $connection->get("account/verify_credentials");
Requirements
PHP
Versions listed as «active support» or «security fixes» are supported.
Dependencies
Authorization flow
This site is a working example. to see the flow.
Usage
Unlike many Twitter API libraries, TwitterOAuth doesn’t provide a custom function for every API method. Instead there are a couple of generic functions so that as Twitter adds features to the API you don’t need to update the library. Here is an example of GET statuses/home_timeline .
GET https://api.twitter.com/1.1/statuses/home_timeline.json?count=25&exclude_replies=true
$statuses = $connection->get("statuses/home_timeline", ["count" => 25, "exclude_replies" => true]);
v2 API
v2 API methods are supported by setting the API Version. E.g. GET /2/users .
GET https://api.twitter.com/2/users?ids=12
$connection = new TwitterOAuth(...);
$connection->setApiVersion('2');
$response = $connection->get('users', ['ids' => 12]);
Methods
TwitterOAuth provides a couple of minimalist wrappers around Twitter’s API methods.
OAuth
Only used when authorizing access to a user’s account. Includes API methods like POST oauth/request_token and POST oauth/access_token .
$access_token = $connection->oauth("oauth/access_token", ["oauth_verifier" => "nMznkpFRTMCuNMsmALzel9FgPlmWQDWg"]);
URL
This is a special wrapper that doesn’t hit the API. It builds the URL where users will authorize access to their account. Only used for GET oauth/authorize and GET oauth/authenticate .
$url = $connection->url("oauth/authorize", ["oauth_token" => "EaQLH34YD8pgKkUiSp8RbjjOgNxIYVh7"]);
GET
API methods that are HTTP GET requests. E.g. GET search/tweets .
GET https://api.twitter.com/1.1/search/tweets.json?q=twitterapi
$statuses = $connection->get("search/tweets", ["q" => "twitterapi"]);
POST
API methods that are HTTP POST requests. E.g. POST statuses/update .
POST https://api.twitter.com/1.1/statuses/update.json?status=hello%20world
$statuses = $connection->post("statuses/update", ["status" => "hello world"]);
Media
Upload images using POST media/upload .
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
$media1 = $connection->upload('media/upload', ['media' => '/path/to/file/kitten1.jpg']);
$media2 = $connection->upload('media/upload', ['media' => '/path/to/file/kitten2.jpg']);
$parameters = [
    'status' => 'Meow Meow Meow',
    'media_ids' => implode(',', [$media1->media_id_string, $media2->media_id_string])
];
$result = $connection->post('statuses/update', $parameters);
JSON data
Send JSON data to POST direct_messages/events/new .
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
$data = [
    'event' => [
        'type' => 'message_create',
        'message_create' => [
            'target' => [
                'recipient_id' => $userId
            ],
            'message_data' => [
                'text' => 'Hello World!'
            ]
        ]
    ]
];
$result = $connection->post('direct_messages/events/new', $data, true); // Note the true
Streaming
Streaming is not currently supported.
Proxy
HTTP proxy support can be enabled like this.
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
$connection->setProxy([
    'CURLOPT_PROXY' => '127.0.0.0',
    'CURLOPT_PROXYUSERPWD' => '',
    'CURLOPT_PROXYPORT' => 8080,
]);
Error handling
After every request you should validate it was a success.
$statuses = $connection->post("statuses/update", ["status" => "hello world"]);
if ($connection->getLastHttpCode() == 200) {
    // Tweet posted successfully
} else {
    // Handle error case
}
Changing timeout settings
If you experience any timeout errors you can change the default timeout settings for cURL.
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
$connection->setTimeouts(10, 15);
The first parameter corresponds to the timeout for the connect phase and the second to the maximum time the request is allowed to take.
Related projects
Web Component
If you are looking for an easy way to render user profiles on websites, check out twitter-user.
Web Component
If you are looking for an easy way to render tweets on websites, check out twitter-status.
TypeScript types
Easy TypeScript types for Twitter API objects with twitter-d.ts.
Test data in Ruby
Easily mock test Twitter data with Faker::Twitter .
Built by Abraham Williams for use with the Twitter API. TwitterOAuth is not affiliated with Twitter, Inc.