Permanent OAuth tokens


I have a website on which a user can create an account and I also have set up a complementary Twitter application. I would like to allow my users to link their Twitter account to their account on my site, so that when they log in with their credentials for my website, they have quick access to Twitter functionality such as posting a tweet of content from my site without having to go through another Twitter login. Worded differently, I want to store my users OAuth access token and OAuth secret token so that I can, for example, show their profile picture when they login to my site (NOT logging in with Twitter). Would storing those tokens be the correct way to accomplish my goal? Right now I am trying to use the EpiTwitter Library. Here is my php for how I’m currently going about this:

$page = new PageCreator($pageinfo);  //My class to handle building the HTML for my pages
$twitterObj = new EpiTwitter($__TWITTER['ConsumerKey'], $__TWITTER['ConsumerSecret']); //Make a twitter object with my app's tokens

if(isset($_GET['oauth_token'])) { //If they have been redirected here from Twitter
  $token = $twitterObj->getAccessToken();
  $twitterObj->setToken($token->oauth_token, $token->oauth_token_secret);
  $twitterInfo= $twitterObj->get_accountVerify_credentials();
  $username = $twitterInfo->screen_name;
  $t = new TwitterToken;  //My class to hold basic twitter info
  $t->access = $token->oauth_token;
  $t->secret = $token->oauth_token_secret;
  $t->handle = $username;
  $userDBA = UserDBA::getInstance(); //My class for interacting with my User table
  $userDBA->addTwitter($_SESSION['user'],$t); //Updates the user record
  $page->addContent("<p>Thanks! @$username is now linked to your NBAQuotes account!</p>");
} else {
	if(isset($_SESSION['user']) && !isset($_SESSION['user']->twitter)) { //If they are logged in but do not have Twitter info stored
	  $url = $twitterObj->getAuthorizationUrl();
	  $page->addContent("<a href='$url'>Link your twitter account!</a>");
	} else { //They are not logged in at all
	  $page->addContent("<p>Please sign in with your account first!</p>");

The database interactions all work just fine. I know the keys retrieved here are correct at first because retrieving their Twitter username with these new tokens is always successful. However, after changing the page, if I make a new EpiTwitter object like:

$twitterObj = new EpiTwitter($__TWITTER['ConsumerKey'], $__TWITTER['ConsumerSecret'],$t->access,$t->secret);
$twitterInfo= $twitterObj->get_accountVerify_credentials();

where $t is my TwitterToken for the logged in user and var_dump($t) shows that it is populated with the correct values, I get an ‘EpiOAuthNotAuthorized’ exception. I’ve noticed that if I try this multiple times for the same Twitter account, the tokens it returns are different every time. How do I get permanent access tokens using PHP and OAuth?


Twitter’s OAuth access tokens are permanent until revoked, so storing them would be the correct way to prevent running your users through the auth flow each time they wish to access Twitter functionality on your site.

At a high level it looks like you’re doing the right thing. I’m unfamiliar with EpiTwitter though - is it possible you’re not initializing it correctly in the second example?




Same Issue with Java…
Q : I want get permanent Token and token secret once authenticated.

Current Process:

First Time authenticated then those token are valid the immediately posted my tweets…then tried post next tweet using same token its failed… Please help on this issue.

Please check my code

public class TwitterHandler {

private static final String TWITTER_ACCESS_TOKEN_URL = "";
private static final String TWITTER_AUTHORZE_URL = "";
private static final String TWITTER_REQUEST_URL = "";
private static final String CONSUMER_KEY = "";
private static final String CONSUMER_SECRET = "";
public static final String OAUTH_CALLBACK_SCHEME = "x-oauthflow-twitter";
public static final String OAUTH_CALLBACK_HOST = "callback";
public static final String CALLBACK_URL = OAUTH_CALLBACK_SCHEME + "://"

private OAuthConsumer OAUTH_CONSUMER; 
private OAuthProvider OAUTH_PROVIDER;
private Twitter mTwitter;
public  TwitterHandler() {
		try {
    	    OAUTH_PROVIDER = new DefaultOAuthProvider(TWITTER_REQUEST_URL,
    	    mTwitter = new TwitterFactory().getInstance();
    	} catch (Exception e) {

public void postTweet(String message) throws Exception{
	try {
		authUrl = OAUTH_PROVIDER.retrieveRequestToken(
	} catch (Exception e) {
	try {
		OAUTH_CONSUMER.setTokenWithSecret(OAUTH_CONSUMER.getToken(), OAUTH_CONSUMER.getTokenSecret());
		final String verifier = getVerifier(authUrl);
		OAUTH_PROVIDER.retrieveAccessToken(OAUTH_CONSUMER, verifier);
		AccessToken mAccessToken = new AccessToken(
		mTwitter.setOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
		System.out.println(" @@@@@@@ token and secret "+mAccessToken.getToken()+ " "+mAccessToken.getTokenSecret());
		Status status= mTwitter.updateStatus(message);
	} catch (Exception e) {
		respJson = e.getMessage();

private String getVerifier(String callbackUrl) {
	String verifier = "";

	try {
		callbackUrl = callbackUrl.replace("twitterapp", "http");
		URL url = new URL(callbackUrl);
		String query = url.getQuery();
		String array[] = query.split("&");
		for (String parameter : array) {
			String v[] = parameter.split("=");
			if (URLDecoder.decode(v[0]).equals(
					oauth.signpost.OAuth.OAUTH_VERIFIER)) {
				verifier = URLDecoder.decode(v[1]);
	} catch (MalformedURLException e) {
	return verifier;



I too have same problem… Please help me out from this


Hi All,
I got the solution please follow below mention step to do setting on twitter account:

  1. Go to ‘Settings’ tab and set Application type “Read/Write”.
  2. Go to “Oauth Tool” tab and set “Post” as Request settings.
    3 . Then save .
    It will work.


thanks. it’s work


i am also getting same problem please help me.