Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
The temporary credentials need to be store while the user goes to twitter.com and authenticates. Sessions are awesome for this so I use it. You can use other mechanisms if you want. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Sat, Jul 24, 2010 at 09:12, Paul S Gutches wrote: > > > I follow that. > > I was wondering if the creds needed to be in a session var or not. > > I'll give it a try! > > Thank you! > > > On Jul 23, 2010, at 11:00 PM, Abraham Williams wrote: > > Hello Paul, > > In redirect.php the request token (also called temporary credentials) are > one use. After the user returns from twitter.com having authorized the > application they are exchanged for an access token from Twitter which is > long lasting and what you are after. > > If the request token is not being saved/retrieved from sessions properly > you can print it and the authenticate URL in redirect.php instead of > automatically redirecting. Copy/paste the authenticate url into a browser > window and authorize the app to access the user account. Then you can > manually put the request token into the quick and dirty code instead of > pulling from a session. Keep in mind that you can only use the request token > once so if you don't print the access token the first time you will have to > do it all again. > > Abraham > - > Abraham Williams | Hacker Advocate | http://abrah.am > @abraham | http://projects.abrah.am | http://blog.abrah.am > This email is: [ ] shareable [x] ask first [ ] private. > > >
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
I follow that. I was wondering if the creds needed to be in a session var or not. I'll give it a try! Thank you! On Jul 23, 2010, at 11:00 PM, Abraham Williams wrote: Hello Paul, In redirect.php the request token (also called temporary credentials) are one use. After the user returns from twitter.com having authorized the application they are exchanged for an access token from Twitter which is long lasting and what you are after. If the request token is not being saved/retrieved from sessions properly you can print it and the authenticate URL in redirect.php instead of automatically redirecting. Copy/paste the authenticate url into a browser window and authorize the app to access the user account. Then you can manually put the request token into the quick and dirty code instead of pulling from a session. Keep in mind that you can only use the request token once so if you don't print the access token the first time you will have to do it all again. Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
Hello Paul,
In redirect.php the request token (also called temporary credentials) are
one use. After the user returns from twitter.com having authorized the
application they are exchanged for an access token from Twitter which is
long lasting and what you are after.
If the request token is not being saved/retrieved from sessions properly you
can print it and the authenticate URL in redirect.php instead of
automatically redirecting. Copy/paste the authenticate url into a browser
window and authorize the app to access the user account. Then you can
manually put the request token into the quick and dirty code instead of
pulling from a session. Keep in mind that you can only use the request token
once so if you don't print the access token the first time you will have to
do it all again.
Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.
On Fri, Jul 23, 2010 at 14:23, Paul S Gutches wrote:
>
>
> Thanks Abraham.
>
> I'm still a bit baffled, but I'm sure the origin is local, haha.
>
> I used your testing routine with the "Sign in to Twitter" dialog to try to
> access the account token and secret for storage. In your redirect.php
> file, it does look like you are setting session vars in there for the token
> and secret before the redirect to Twitter.
>
> But it also says in your comments that those are temporary credentials. I
> was confused by that, because it's my understanding they're not supposed to
> expire, which is how they can be used again for future access. Do I have
> that wrong? I'm looking for the credentials that developers are storing
> for re-use of their user's Twitter accounts.
>
> Even though your redirect.php file is creating a session for the variables,
> when the callback to the quick and dirty code occurs, the variables are not
> accessible. I get the below notices.
>
>
> Notice: Undefined variable: _SESSION in
> /path/twittertest-oauth2.php on line 21
>
> Notice: Undefined variable: _SESSION in
> /path/twittertest-oauth2.php on line 21
>
> Notice: Undefined index: oauth_token in
> /path/twitteroauth/twitteroauth.php on line 118
>
> Notice: Undefined index: oauth_token_secret in
> /path/twitteroauth/twitteroauth.php on line 118
> array(1) {
> [" "]=>
> string(0) ""
> }
>
>
> Any advice for keeping hope alive? :)
>
> Thanks again
>
> Paul G
>
>
> On Jul 23, 2010, at 1:13 PM, Abraham Williams wrote:
>
> This is quick and dirty and assumes that oauth_token and oauth_token_secret
> are set in a session before you are redirected to twitter.com to authorize
> the application.
>
> $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET,
> $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
> $access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
> var_dump($access_token);
>
> Abraham
> -
> Abraham Williams | Hacker Advocate | http://abrah.am
> @abraham | http://projects.abrah.am | http://blog.abrah.am
> This email is: [ ] shareable [x] ask first [ ] private.
>
>
>
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
Thanks Abraham.
I'm still a bit baffled, but I'm sure the origin is local, haha.
I used your testing routine with the "Sign in to Twitter" dialog to
try to access the account token and secret for storage. In your
redirect.php file, it does look like you are setting session vars in
there for the token and secret before the redirect to Twitter.
But it also says in your comments that those are temporary
credentials. I was confused by that, because it's my understanding
they're not supposed to expire, which is how they can be used again
for future access. Do I have that wrong? I'm looking for the
credentials that developers are storing for re-use of their user's
Twitter accounts.
Even though your redirect.php file is creating a session for the
variables, when the callback to the quick and dirty code occurs, the
variables are not accessible. I get the below notices.
Notice: Undefined variable: _SESSION in /path/twittertest-
oauth2.php on line 21
Notice: Undefined variable: _SESSION in /path/twittertest-
oauth2.php on line 21
Notice: Undefined index: oauth_token in /path/twitteroauth/
twitteroauth.php on line 118
Notice: Undefined index: oauth_token_secret in /path/
twitteroauth/twitteroauth.php on line 118
array(1) {
[" "]=>
string(0) ""
}
Any advice for keeping hope alive? :)
Thanks again
Paul G
On Jul 23, 2010, at 1:13 PM, Abraham Williams wrote:
This is quick and dirty and assumes that oauth_token and
oauth_token_secret are set in a session before you are redirected to twitter.com
to authorize the application.
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET,
$_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
$access_token = $connection->getAccessToken($_REQUEST
['oauth_verifier']);
var_dump($access_token);
Abraham
-
Abraham Williams | Hacker Advocate | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
This is quick and dirty and assumes that oauth_token and oauth_token_secret are set in a session before you are redirected to twitter.com to authorize the application. $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']); $access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']); var_dump($access_token); Abraham - Abraham Williams | Hacker Advocate | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private. On Fri, Jul 23, 2010 at 09:49, Paul S Gutches wrote: > > > Ok... > > looks like there are others who received the same exception error when > trying to generate an auth url. > > So, I switched over to Abraham's routine, which worked, and the oauth_token > and verifier came back, but sadly, a new exception was thrown in the > twitter-async code I was still using to retrieve the key/secret. > > Right now I'm trying to use Abraham's twitteroauth to output the same info. > Is that possible? > > I looked at the class source but they are different enough to make it > opaque to me. There is no equivalent setToken in twitteroauth. > > Does anyone know how to get twitteroauth to spill the same beans?I'm so > close, and yet so far! > > for the intrepid, here are the async calls I'm trying to find equivalents > for in twitteroauth > > > $twitter->setToken( $_GET["oauth_token"] ); > $token = $twitter->getAccessToken( array( "oauth_verifier" => > $_GET["oauth_verifier"] ) ); > var_dump( $token->oauth_token, $token->oauth_token_secret ); > > > thank you > > Paul G > > > > On Jul 22, 2010, at 5:53 PM, Paul wrote: > > Hi Paul, >> >> Is there a way to retrieve the consumer keys for the other Twitter >>> account I own without registering an app? >>> >> >> Yep, if you use that script given previously, just login to the other >> Twitter account instead (with the same consumer key/secret. This will >> give you a different pair of tokens for the second account. >> >> Initialise as in tweeting example with the new token. Basically what >> you're doing is authorising the same app for both accounts. >> >> - Paul >> >> >
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
Ok... looks like there are others who received the same exception error when trying to generate an auth url. So, I switched over to Abraham's routine, which worked, and the oauth_token and verifier came back, but sadly, a new exception was thrown in the twitter-async code I was still using to retrieve the key/ secret. Right now I'm trying to use Abraham's twitteroauth to output the same info. Is that possible? I looked at the class source but they are different enough to make it opaque to me. There is no equivalent setToken in twitteroauth. Does anyone know how to get twitteroauth to spill the same beans? I'm so close, and yet so far! for the intrepid, here are the async calls I'm trying to find equivalents for in twitteroauth $twitter->setToken( $_GET["oauth_token"] ); $token = $twitter->getAccessToken( array( "oauth_verifier" => $_GET ["oauth_verifier"] ) ); var_dump( $token->oauth_token, $token->oauth_token_secret ); thank you Paul G On Jul 22, 2010, at 5:53 PM, Paul wrote: Hi Paul, Is there a way to retrieve the consumer keys for the other Twitter account I own without registering an app? Yep, if you use that script given previously, just login to the other Twitter account instead (with the same consumer key/secret. This will give you a different pair of tokens for the second account. Initialise as in tweeting example with the new token. Basically what you're doing is authorising the same app for both accounts. - Paul
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
ok. thanks for testing! On Jul 23, 2010, at 4:58 AM, Paul wrote: Hi Paul, Yep, was referring to the snippet. I've just copy/pasted yours, changed keys and callback URL and your code works for me. I'm afraid the only thing I can suggest is to double-check your consumer key/secret, Cheers, - Paul
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
Paul,
If you are referring to the twitter-async example you posted, I have
installed that and I'm working with it now.
I assume the first time through it's meant to take a detour through a
Twitter authorization, then back to the same script in which
oauth_token and secret is set... and dumped...
Looks like I'm not getting a proper authorize URL, and in fact the
script dies at that call. No output. Maybe someone can eyeball
what's going wrong.
Here's what the stack trace says, followed by the script
(the names and places have been changed to protect the innocent)
Fatal error: Uncaught exception 'EpiOAuthException' in /path/
twitter-async/EpiOAuth.php:397
Stack trace:
#0 /path/twitter-async/EpiOAuth.php(367): EpiOAuthException::raise
(Object(EpiCurlManager), false)
#1 /path/twitter-async/EpiOAuth.php(47): EpiOAuthResponse->__get
('oauth_token')
#2 /path/twittertest-oauth2.php(29): EpiOAuth->getAuthorizeUrl
(NULL, Array)
#3 {main}
thrown in /path/twitter-async/EpiOAuth.php on line 397b>
define( "CONSUMER_SECRET", "$MY_CONSUMER_SECRET" ); // actual secret
used
$twitter = new EpiTwitter( CONSUMER_KEY, CONSUMER_SECRET );
if( isset( $_GET["oauth_token"] ) ){
try{
$twitter->setToken( $_GET["oauth_token"] );
$token = $twitter->getAccessToken( array( "oauth_verifier" => $_GET
["oauth_verifier"] ) );
var_dump( $token->oauth_token, $token->oauth_token_secret );
}
catch( Exception $e )
{
var_dump( get_class( $e ) );
}
}else{
$location = $twitter->getAuthorizeUrl(null,array("oauth_callback" => "http://www.mydomain.tld/dir/twittertest-oauth2.php
")); // same address as this script
header("Location: $location");
exit;
}
?>
On Jul 22, 2010, at 5:53 PM, Paul wrote:
Hi Paul,
Is there a way to retrieve the consumer keys for the other Twitter
account I own without registering an app?
Yep, if you use that script given previously, just login to the other
Twitter account instead (with the same consumer key/secret. This will
give you a different pair of tokens for the second account.
Initialise as in tweeting example with the new token. Basically what
you're doing is authorising the same app for both accounts.
- Paul
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
thanks for fast-tracking me on this! I imagine I would have been at this several more days without this information. Thank you, thank you... and did I say thank you? :) Regards On Jul 22, 2010, at 1:04 PM, Paul wrote: One off: 1) Login to your company Twitter account. 2) Settings -> Connections -> Click the link under Developers at bottom right. Takes you to: http://twitter.com/apps 3) Register your app. You can get away with 127.0.0.1 as the callback URL if you're running a local webserver, but it's not so important if you're just doing this as a one off as you can specify callback URL at request time.
Re: [twitter-dev] Re: Twitter oAuth for PHP, some advice needed
Hi Paul G,
In addition to Paul's great recommendations here, there's another
shortcut you can use to more quickly implement the portions of OAuth
you need to continue functioning. We offer the ability to simply get
the access token for the user who "owns" your application, directly
through an interface on dev.twitter.com -- when viewing your
application detail page, you can select the link on the right-hand
sidebar called "My Token" and then use those values, hardcoded, in
your application. There's some implementation examples of this at
http://bit.ly/1token
Taylor
On Thu, Jul 22, 2010 at 12:04 PM, Paul wrote:
>
> Hi Paul,
>
>> 1. Do I need to upgrade to OAuth?
>
> Twitter are killing off basic authentication on 16th August, so you'll
> need to upgrade.
>
>> 2. If I need to upgrade to OAuth, can it be done in such a way as to
>> work without browser login and redirect requirements? (as per example)
>
> The Twitter OAuth tokens don't currently expire so you could do the
> auth once then store the tokens for later non-interactive use.
>
>> 3. If 2 is true, any tutorials that match that situation you can point
>> me to?
>
> Don't know if you're tied to a current library but
> http://github.com/jmathai/twitter-async
> does a good job of OAuth.
>
> Rough process:
>
> One off:
>
> 1) Login to your company Twitter account.
> 2) Settings -> Connections -> Click the link under Developers at
> bottom right. Takes you to: http://twitter.com/apps
> 3) Register your app. You can get away with 127.0.0.1 as the callback
> URL if you're running a local webserver, but it's not so important if
> you're just doing this as a one off as you can specify callback URL at
> request time.
>
> You'll probably want:
>
> Type: Browser
> Access Type: Read & Write
> Use Twitter for login: No
>
> This will get you your consumer key & secret.
>
> 4) Assuming use of twitter-async, here's some scrappy code that'll get
> you your tokens:
>
>
> require_once "twitter-async/EpiCurl.php";
> require_once "twitter-async/EpiOAuth.php";
> require_once "twitter-async/EpiTwitter.php";
>
> define( "CONSUMER_KEY", "X" );
> define( "CONSUMER_SECRET", "X" );
>
> $twitter = new EpiTwitter( CONSUMER_KEY, CONSUMER_SECRET );
>
> if( isset( $_GET["oauth_token"] ) )
> {
> try
> {
> $twitter->setToken( $_GET["oauth_token"] );
> $token = $twitter-
>>getAccessToken( array( "oauth_verifier" =>
> $_GET["oauth_verifier"] ) );
> var_dump( $token->oauth_token, $token-
>>oauth_token_secret );
> }
> catch( Exception $e )
> {
> var_dump( get_class( $e ) );
> }
> }
> else
> header( "Location: " . $twitter->getAuthorizeUrl( null,
> array( "oauth_callback" => "http://127.0.0.1/
> path_to_this_script.php" ) ) );
>
> ?>
>
> Obviously change the callback URL to point to wherever you host this
> script, and fill in your consumer key/secret.
>
> After you've authed the account, twitter will bring you back and the
> script will spit out your oauth_token and oauth_secret.
>
>
> So from now on if you want to tweet, you simply:
>
> $twitter = new EpiTwitter( CONSUMER_KEY, CONSUMER_SECRET, OAUTH_TOKEN,
> OAUTH_TOKEN_SECRET );
> $twitter->post_statusesUpdate( array( "status" => "Something exciting
> happened!" ) );
>
>
> There's probably an easier way to get the tokens, but this worked well
> for me.
>
> Hope this helps,
> - Paul
>
>
