Problems using ZendOAuth for application-only-auth


#1

I want to read some public feeds, so i’ve created an account and added an application.
Because this is part of a larger Zend Framework 2 application, i decided to to use ZendService/Twitter for this who in turn uses ZendOAuth for authentication.

Unfortunately it’s not working out of the box. After a lot of debugging i finally found the problem: When i output the request that is sent to api.twitter i see that it looks like this:

POST /oauth2/token HTTP/1.1
Host: api.twitter.com
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: Zend\Http\Client
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth realm="",oauth_consumer_key="[mykey]",oauth_nonce="[someothervalue]",oauth_timestamp=“1368280451”,oauth_signature_method=“HMAC-SHA1”,oauth_version=“1.0”,oauth_callback=“oob”,oauth_signature="[signature]"

(the values between [] were removed by me for this post - not sure how sensitive they are)
When i manually overwrote the Authorization header according to the specs i found here:

https://dev.twitter.com/docs/auth/application-only-auth

It still didn’t work. I then realized i also had to manually set the body of the request to grant_type=client_credentials. With that in place, it finally worked!

I must admit i didn’t have any experience with oauth yet so maybe i’m just not using the library correctly. I’m posting this here hoping anyone else with experience in using ZendOAuth in combination with Twitter could explain me if i do something wrong or that Twitter is just using another standard, not supported by this library


#2

It looks like your library is trying to do two kinds of OAuth at once here – likely it doesn’t support app-only auth. You probably could do much better just using a straight-forward HTTP client for the app-only auth component.