PHP, Server Side, Submit Tweets

oauth
php

#1

Hey guys,
I’m trying to write an application in PHP which can receive user authorization to post tweets automatically, and then send those tweets from the server side.
The application will actually be taking content from a user and posting it to several media sites at the same time, so requiring user interaction for the tweets is not an option.
I’ve tried going through the Twitter API documentation and, frankly, it’s worthless. The REST API documentation is all for OAuth, not OAuth2, so the URLs, signatures and encoding methods are all wrong. I tried using the “Abraham TwitterOAuth” library, but to create the object, you have to already have an access token.
I tried this method, but don’t know what to do with the result:

```php
// CONSUMER_KEY and CONSUMER_SECRET are assumed to be defined elsewhere.
// HTTP Basic credentials: base64("key:secret").
$SendToken = CONSUMER_KEY . ":" . CONSUMER_SECRET;
$SendToken = base64_encode($SendToken);
$ch = curl_init("https://api.twitter.com/oauth2/token");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Authorization: Basic ' . $SendToken,
    "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
));
// Request an application-only token (client credentials grant).
$Data = "grant_type=client_credentials";
curl_setopt($ch, CURLOPT_POSTFIELDS, $Data);
$Data = curl_exec($ch); // raw response body
curl_close($ch);
print_r($Data);
```

Can anyone help?

– Allen


#2

In order to post tweets you need the authentication context of a user. User auth is only provided via OAuth 1 and not OAuth 2. You can read more about app only authentication (OAuth 2) and what restrictions it has in the docs.

In order to post tweets, the accounts in question will have to go through an OAuth 2 flow. The most common approach is with the 3-legged flow.


#3

I’m aware you have to have an access token from the user, though I wasn’t aware User auth was in OAuth 1 - that explains why I couldn’t find it in the documentation.
I did try starting the method described here: https://dev.twitter.com/web/sign-in/implementing
But I couldn’t figure out what “oauth_nonce” is, or how to form “oauth_signature”, which I assume is the method in my code block, but that uses base64 encoding, not “HMAC-SHA1” (a whole separate problem).

– Allen


#4

What all the OAuth 1 params are and how to generate signatures is described in authorizing a request. I would however recommend against rolling your own OAuth 1 implementation. It’s very difficult to get it correct and there are a number of solid open source libraries that will handle it for you.
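Added example, not part of the thread and not code from Twitter or the TwitterOAuth library: a sketch of how an OAuth 1.0a client derives `oauth_nonce` and `oauth_signature` under RFC 5849 with HMAC-SHA1, to show what a library computes. The function names, the `api.example.com` URL and all credentials are hypothetical placeholders, and the URL is assumed to carry no query string.

```php
<?php
// Added illustration of OAuth 1.0a signing (RFC 5849, HMAC-SHA1).
// Every key, secret, token and URL here is a constructed placeholder.

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
function oauth_base_string(string $method, string $url, array $params): string
{
    $encoded = [];
    foreach ($params as $name => $value) {
        $encoded[rawurlencode((string) $name)] = rawurlencode((string) $value);
    }
    ksort($encoded, SORT_STRING); // sort by encoded name (no duplicate names here)
    $pairs = [];
    foreach ($encoded as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

// The secrets form the HMAC key and never travel with the request.
function oauth_sign(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true)); // raw digest, then base64
}

function oauth_header(string $method, string $url, array $body, array $creds): string
{
    $oauth = [
        'oauth_consumer_key'     => $creds['consumer_key'],
        'oauth_nonce'            => bin2hex(random_bytes(16)), // unique per request, from a CSPRNG
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_token'            => $creds['token'],
        'oauth_version'          => '1.0',
    ];
    // Body parameters are signed together with the oauth_* ones.
    $base = oauth_base_string($method, $url, $oauth + $body);
    $oauth['oauth_signature'] = oauth_sign($base, $creds['consumer_secret'], $creds['token_secret']);
    $parts = [];
    foreach ($oauth as $name => $value) {
        $parts[] = rawurlencode($name) . '="' . rawurlencode($value) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

$creds = ['consumer_key' => 'CONSUMER_KEY_PLACEHOLDER', 'consumer_secret' => 'CONSUMER_SECRET_PLACEHOLDER',
          'token' => 'USER_TOKEN_PLACEHOLDER', 'token_secret' => 'USER_TOKEN_SECRET_PLACEHOLDER'];
echo oauth_header('POST', 'https://api.example.com/statuses/update.json',
                  ['status' => 'Hello, world!'], $creds), "\n";
```

Here base64 only encodes the HMAC-SHA1 digest for transport, whereas the Basic header in the first post base64-encodes the credentials themselves.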


#5

I’m sorry that you found the documentation lacking. I’d love it if you could provide some specific feedback on improvements that we could look at.

OAuth2 is only used in the application-only flow, and any POST requests will require a user context, as @abraham explains.


#6

The documentation is very difficult to use for a couple of reasons.
Firstly, to do anything with the API, the entries for that process are scattered in many places.
Automated tweet (status) posting, for instance: To learn how to do that, one must look in these separate sections:

 1. How to get an access token from Twitter
 2. How to send an OAuth request
   a. What oauth_nonce is
   b. What "oauth_signature" is, how it's formed and the valid encryption protocols
 3. Where to redirect the user
 4. How to post a tweet (status)
 5. How to interpret the responses from all the above

That’s a lot of different navigating to perform a single, seemingly boilerplate operation.
What I would recommend is creating a collection of common use code scenarios [in an arbitrary programming language] which describe, from beginning to end, how to perform the most common operations for Twitter.

The second reason is that there aren’t any libraries for the API distributed by Twitter itself. If there were, the need for so much documentation would be relieved. As an example, I didn’t need any documentation for integrating Facebook because downloading their PHP library and looking up a single example took all of 15 minutes.
I’m aware that there are 3rd party libraries, but they aren’t comprehensive. The “Abraham” Twitter authorization library, for instance, requires an access token and secret - which means that it doesn’t cover user context automated operations.

The authorization process is certainly the worst part; I didn’t even realize you guys still used OAuth 1 until I found out here. But frankly, that the operations described (e.g. search, status post, DM receiving) aren’t explained top to bottom in the documentation spaces is the reason figuring anything out is so challenging.


#7

I’m not quite sure what you mean by this. An access token and secret is what makes the authenticated request have a user context. Without an access token and secret you are not authenticating as a user and you can not perform any actions as a user.


#8

BTW the TwitterOAuth docs have a full and live walkthrough of authenticating a user and getting their access token and secret.

And the homepage has examples of all the pieces to load the library, add user credentials, and post a tweet.


#9

Ah - TwitterOAuth website might be exactly what I needed. Thanks!


#10

Awesome - using that site I was able to perform a successful test going from authorization to actually posting a tweet. Your help is very much appreciated!