views:

173

answers:

5

Hello,

Found out today that Twitter will be discontinuing its basic authentication for its API; the push is now towards OAuth but I don’t have a clue as to how to use it or whether it’s the right path for me.

All I want to be able to do is post a tweet linking to the most recently published post when I hit publish. Currently I’m sending the login credentials for my Twitter account as plaintext, which I realise isn’t that secure but as my site is fairly small it isn’t an issue at least for now.

I’m using this basic PHP code:

$status = urlencode(stripslashes(urldecode("Test tweet")));
$tweetUrl = 'http://www.twitter.com/statuses/update.xml';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "$tweetUrl");
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, "status=$status");
curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");

$result = curl_exec($curl);
$resultArray = curl_getinfo($curl);

if ($resultArray['http_code'] == 200)
{
    curl_close($curl);
    $this->redirect("");
}
else
{
    curl_close($curl);
    echo 'Could not post to Twitter. Please go back and try again.';
}

How do I move from this to an OAuth system? I’d greatly appreciate any tutorials/advice. Thanks in advance.

+1  A: 

To start, why are you sending your account password over plain http:// and not SSL (https://)? I would change that immediately.

Second: http://oauth.net/documentation/getting-started/

Read Twitter's documentation too, I'm sure they have it somewhere.

Ixmatus
A: 

This example is very good, and there are some more on Twitter's API Wiki.

Edit:
To upgrade you'll need to ask your users to click on the "login with Twitter" button instead of having them inputting their data. They'll be sent to Twitter OAuth page, and if they authorize your app you'll be able to procede normally. That way you don't have to deal with any passwords.

Jorge
Note that I’m just using this for automated tweets that are published when an article gets published; there is only one account which is my own.
different
Ah, i see. Then what's needed is some sort of persistent authorization. I'll look for something...
Jorge
I think xAuth is what's needed. However, it's stated that it's not meant for web apps, only for mobile and desktop apps, and you have to apply to get an API key. xAuth doesn't require you to go to the authorization page everytime you use the app, only once. If you can get an API key, it's perfect.Here's the link: http://dev.twitter.com/pages/auth
Jorge
Not exactly what I want; what I want to be able to do is replicate what I’m doing now with basic auth in OAuth. This is all going through a browser; the PHP I wrote up there is executed on publish, in turn sending a tweet over to Twitter. It’s the setup of this OAuth process and then passing a request over to the API which I’m not clear on...
different
I'm not quite sure if there's a method in OAuth which does not require the auth redirection. Probably you'll get a precise answer on Twitter's discussion group.
Jorge
You will want to do the browser redirect one and save the access_tokens to continue posting updates. Once you get those access tokens think of them like your accounts passwords.
abraham
A: 

This site is good to make this easier rpxnow.com

Harry
That won't help one bit for this sort of API usage.
ceejayoz
A: 

just the OAuth protocol is based on the user authorization to access to the user data, so what you want is not possible whiteout the user authorization (the redirect to the twitter site).

i don't know how, but the auto-tweet plugin for wordpress make what you wish, if is a custom app where you want this feature, you could look at her code to see how is done.

shadow_of__soul
+1  A: 

I found this page/script useful when I implemented OAuth for Twitter: http://www.jaisenmathai.com/blog/2009/04/30/letting-your-users-sign-in-with-twitter-with-oauth/
I'm sure you can get this from the page I linked to, but the code I use with this class for my page is

$twtrObj=new EpiTwitter($consumer_key, $consumer_secret);
$twtrObj->setToken($tok, $sec);
$status="I just submited new artwork! http://gravityprops.com/dragonart/artwork?action=view&id={$id}";
$update=$twtrObj->post_statusesUpdate(array('status' => $status));
$tmp=$update->response;

with $tok and $sec being the token and secret for any specific user which I pull from the database. The $consumer_key and $consumer_secret are declared in a separate file which are included (in the same fashion as on the page I linked to). I put all the files I need in my PHP include folder so that only PHP can access it.

Ditto
Very helpful. Thanks!
different