How do I migrate from a basic plaintext password authentication to an OAuth based system?

Question

Hello,

Found out today that Twitter will be discontinuing its basic authentication for its API; the push is now towards OAuth but I don’t have a clue as to how to use it or whether it’s the right path for me.

All I want to be able to do is post a tweet linking to the most recently published post when I hit publish. Currently I’m sending the login credentials for my Twitter account as plaintext, which I realise isn’t that secure but as my site is fairly small it isn’t an issue at least for now.

I’m using this basic PHP code:

$status = urlencode(stripslashes(urldecode("Test tweet")));
$tweetUrl = 'http://www.twitter.com/statuses/update.xml';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "$tweetUrl");
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, "status=$status");
curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");

$result = curl_exec($curl);
$resultArray = curl_getinfo($curl);

if ($resultArray['http_code'] == 200)
{
    curl_close($curl);
    $this->redirect("");
}
else
{
    curl_close($curl);
    echo 'Could not post to Twitter. Please go back and try again.';
}

How do I move from this to an OAuth system? I’d greatly appreciate any tutorials/advice. Thanks in advance.

Answer 1

To start, why are you sending your account password over plain http:// and not SSL (https://)? I would change that immediately.

Second: http://oauth.net/documentation/getting-started/

Read Twitter's documentation too, I'm sure they have it somewhere.

Answer 2

This example is very good, and there are some more on Twitter's API Wiki.

Edit:
To upgrade you'll need to ask your users to click on the "login with Twitter" button instead of having them inputting their data. They'll be sent to Twitter OAuth page, and if they authorize your app you'll be able to procede normally. That way you don't have to deal with any passwords.

Answer 3

This site is good to make this easier rpxnow.com

Answer 4

just the OAuth protocol is based on the user authorization to access to the user data, so what you want is not possible whiteout the user authorization (the redirect to the twitter site).

i don't know how, but the auto-tweet plugin for wordpress make what you wish, if is a custom app where you want this feature, you could look at her code to see how is done.

Answer 5

I found this page/script useful when I implemented OAuth for Twitter: http://www.jaisenmathai.com/blog/2009/04/30/letting-your-users-sign-in-with-twitter-with-oauth/
I'm sure you can get this from the page I linked to, but the code I use with this class for my page is

$twtrObj=new EpiTwitter($consumer_key, $consumer_secret);
$twtrObj->setToken($tok, $sec);
$status="I just submited new artwork! http://gravityprops.com/dragonart/artwork?action=view&id={$id}";
$update=$twtrObj->post_statusesUpdate(array('status' => $status));
$tmp=$update->response;

with $tok and $sec being the token and secret for any specific user which I pull from the database. The $consumer_key and $consumer_secret are declared in a separate file which are included (in the same fashion as on the page I linked to). I put all the files I need in my PHP include folder so that only PHP can access it.