I am not going to include the Twitter OAuth Library source. You have to download it from Github. The link is available in my previous post.

consumer.php

<?php
// Filename: consumer.php
// contains the consumer key and consumer secret
// works as a configuration file that can be included in other
// scripts.
$consumer_key = 'Ll0Sq8HyJzBOqXqksH7N4w';
$consumer_secret = 'WwMdrN13UTJL79KyI6unm3xTm5tdF8E4U3FMKE7i5co';
?>

index.php

<?php
// Filename: index.php
// The file that gets called when you visit the app home page
 
// require twitterOAuth lib
require_once('twitterOAuth.php');
// require the consumer details -- consumer key and consumer secret
require_once('consumer.php');
 
//construct a new twitter object
$twitter = new TwitterOAuth($consumer_key,$consumer_secret);
// get the token to make an authorization request
$token = $twitter->getRequestToken();
// store the token for further use
file_put_contents("token",$token['oauth_token']);
file_put_contents("token_secret",$token['oauth_token_secret']);
// build the authorization url
$url = $twitter->getAuthorizeURL($token['oauth_token']);
// redirect the user to the authorization url automatically
header("Location: $url ");
?>

return.php

<?php
//Filename: return.php
// It's the callback file -- gets called
// the user is returned to this file on authorization
 
// include twitter OAuth library as usual
include('twitterOAuth.php');
// include the consumer details
include('consumer.php');
 
// retrieve the tokens
$tok = file_get_contents("token");
$tok_sec = file_get_contents("token_secret");
 
// construct the twitter object
$twitter = new TwitterOAuth($consumer_key,$consumer_secret,$tok,$tok_sec);
// retrieve the access token set by the authorization
$access_token = $twitter->getAccessToken();
// parse the tokens and seperate them
$tok = $access_token['oauth_token'];
$tok_secret = $access_token['oauth_token_secret'];
 
// print_r($access_token);
// construct the twitter object
// this time with the access tokens
$twitter = new TwitterOAuth($consumer_key,$consumer_secret,$tok,$tok_secret);
// make API call
$req = $twitter ->OAuthRequest('https://twitter.com/statuses/update.xml', array('status' => 'Check out: http://masnun.com/twitter-app/ :)'), 'POST');
 
// print_r($req);
 
//redirect the user to twitter home page
header("Location: http://twitter.com ");
 
?>

Notes On OAuth:
First we, construct the twitter object with the consumer details.
Then we ask for a request token. We build the authorization url with this token.
We send the user to the auth URL.
When the user returns, again construct a twitter object with consumer details and the request token we retrieved previously.
Now that the user is authorized, we ask for access tokens.
We have the access tokens now, so build a new twitter object that has full access to the API.

Now, we can make API calls.

The steps may seem a bit odd at first look. Just go through a couple of times and you’ll get it clearly.

Enjoy OAuthentication, Enjoy Twitter enginnering !!

So, I started studying the Twitter OAuth API and learnt it pretty well. Then I thought what kind of application I could build with this very newly gathered knowledge ? Why not make some fun ? Yeah, I just can’t help making fun every now and then.

Finally, here it is — http://masnun.com/twitter-app/

It’s a little devil app that automatically takes you to the authorization URL and asks for OAuth based authentication. If you allow it, it will automatically make a tweet using your account. The tweet will be nothing bad though, just a link back to the app

To develop this app, I have used the official Twitter OAuth library for PHP written by Abraham. Download it: http://github.com/abraham/twitteroauth .

Points to Ponder:

• An application can do almost anything to your twitter account once you approve it.
• Twitter says, the access token they provide doesn’t expire. That means once you approve an application, it can use your account forever if they are clever enough to store your access token details.
• While approving an application, you never know what kind of permission the application has — read only or read-write both. I think this option should be left upon the users. The users should be able to choose whether he wants to provide write access or not.

I have seen some web sites exploit Twitter accounts. TweeterFollow is a decent example of such nasty practices. Once you provide your credentials, they’ll regularly tweet their links from your account. So think twice before you approve an application though OAuth is safer than providing password since you can choose to withdraw your permission to an application.

I will write detailed about OAuth and provide the source code in another post. Just now, I am feeling extremely sleepy. Woke up to have my Sehri and didn’t return to bed. It’s time I had a nap…