{"id":1386,"date":"2018-01-19T19:22:46","date_gmt":"2018-01-19T19:22:46","guid":{"rendered":"http:\/\/goofy-trucks.flywheelsites.com\/upgrading-basic-twitter-authentication-to-oauth-with-php\/"},"modified":"2018-01-19T19:24:45","modified_gmt":"2018-01-19T19:24:45","slug":"upgrading-basic-twitter-authentication-to-oauth-with-php","status":"publish","type":"post","link":"https:\/\/phpbuilder.com\/upgrading-basic-twitter-authentication-to-oauth-with-php\/","title":{"rendered":"Upgrading Basic Twitter Authentication to OAuth with PHP"},"content":{"rendered":"<div class=\"phpbuilder-content\">\n<div class=\"phpbuilder-meta\">\n<div class=\"\">By Sachin Khosla<\/div>\n<div class=\"\">on June 25, 2010<\/div>\n<\/p><\/div>\n<div id=\"overflow-content\">\n<div class=\"articlePara\">Twitter provides an API for developers to build applications on top of it. The API has supported basic authentication over HTTP, but beginning in June 2010 Twitter is discontinuing basic authentication and migrating all Web and desktop applications to <a href=\"http:\/\/oauth.net\/\" target=\"newFrame\">OAuth<\/a> (Open Authorization).<\/div>\n<div class=\"articlePara\">Although simpler to implement, basic authentication had its drawbacks. If your Web application uses basic authentication, your users will have to provide their credentials to get access to your website. Their credentials will then be passed over the network as clear text &#8212; not a very secure or reliable method of authenticating a user. In addition, this method does not provide a persistent authentication token.<\/div>\n<div class=\"articlePara\">OAuth, on the other hand, provides a more secure way to authenticate users and allows a persistent access token, which application developers can then consume. For now, Twitter does not allow this authentication token to expire, meaning users do not have to log in every time they use the same application. 
The token becomes invalid only when a user rejects the application from his or her application settings.<\/div>\n<h2>What Is OAuth and How Does It Work?<\/h2>\n<div class=\"articlePara\">OAuth (Open Authorization) is an open standard that allows anyone to share resources securely from one site (which supports OAuth) to another third-party website. With OAuth, the user does not have to give his\/her credentials to the third-party website.<\/div>\n<div class=\"articlePara\">Figure 1 illustrates how Twitter allows OAuth to access its user details.<\/div>\n<p><a href=\"https:\/\/phpbuilder.com\/wp-content\/uploads\/2018\/01\/oauth-figure.jpg\" target=\"newFrame\"><br \/>\n<br \/><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/phpbuilder.com\/wp-content\/uploads\/2018\/01\/oauth-figure.jpg\" height=\"225\" width=\"400\" alt=\"How Twitter Employs OAuth\"\/><\/a><br \/>\n<br \/><font size=\"2\"><b>Figure 1.<\/b> How Twitter Employs OAuth<\/font><\/p>\n<div class=\"articlePara\">If you have a Twitter API-based application, here is how it allows OAuth to access your users&#8217; details:<\/div>\n<ol>\n<li>When a user accesses your application, you need his\/her details (such as Twitter handle, friends, followers, etc.). To do so, your application sends a request to Twitter and gets a one-time request token, which is then used to create the authorization link.<\/li>\n<li>The user clicks on the authorization link and gets redirected to the Twitter website. When the user logs in, Twitter asks him or her whether it should allow <em>XYZ<\/em> application to access the user&#8217;s data.<\/li>\n<li>When the user grants your application access to his or her data, Twitter sends back an access token and an access token secret. Now your application does not require the user&#8217;s credentials to access his or her Twitter data. All it needs is the access token and the access token secret. 
You can store these in the database and create a cookie so that whenever the user visits you can recognize that user.<\/li>\n<\/ol>\n<div class=\"articlePara\">Now that you know what OAuth is and have a fair idea of how it works, let&#8217;s move ahead.<\/div>\n<h2>Getting Started with Twitter OAuth<\/h2>\n<div class=\"articlePara\">In this section, we will use Twitter&#8217;s OAuth API to authenticate an application and interact with a demo application. Follow these instructions to get started:<\/div>\n<ol>\n<li>Register your application at <a href=\"http:\/\/twitter.com\/apps\" target=\"newFrame\">twitter.com\/apps<\/a>. Be sure to give the correct callback URL, because this is where the user will be redirected after a successful authentication. Also take note of the <em>consumer key<\/em> and <em>consumer secret<\/em>, which will be provided after registering.<\/li>\n<li>Now that you have successfully registered your application, download the OAuth library and the wrapper class (contained in a zip file).  These will help you interact with the Twitter API.<\/li>\n<\/ol>\n<div class=\"articlePara\">Extract the zip file and you should see the following files.<\/div>\n<ol>\n<li><tt>OAuth.php<\/tt><\/li>\n<li><tt>TwitterAPI.php<\/tt><\/li>\n<li><tt>Index.php<\/tt><\/li>\n<li><tt>Config.php<\/tt><\/li>\n<li><tt>Callback.php<\/tt><\/li>\n<li><tt>README<\/tt><\/li>\n<\/ol>\n<div class=\"articlePara\">You first need to configure your application. To do so, open <tt>config.php<\/tt> and input the <code>CONSUMER_KEY<\/code> and <code>CONSUMER_SECRET<\/code> provided by Twitter when you registered your application. Also, specify the <code>CALLBACK_URL<\/code> to which Twitter should redirect users after successful authentication. 
Specifying the URL here will override the one you provided during the application registration process.<\/div>\n<\/div>\n<p> Download: <a href=\"https:\/\/phpbuilder.com\/wp-content\/uploads\/2018\/01\/oauth-twitter.zip\">oauth-twitter.zip<\/a>\n    <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Twitter is dumping basic authentication for OAuth. Find out how to migrate all your Twitter applications to OAuth 
using<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1386","post","type-post","status-publish","format-standard","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts\/1386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/comments?post=1386"}],"version-history":[{"count":2,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts\/1386\/revisions"}],"predecessor-version":[{"id":2407,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/posts\/1386\/revisions\/2407"}],"wp:attachment":[{"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/media?parent=1386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/categories?post=1386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phpbuilder.com\/wp-json\/wp\/v2\/tags?post=1386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}