Questions regarding use of Twitter-Oauth API in php

Question

Recently I read a nice tutorial How to Authenticate Users With Twitter OAuth even it written before changing twitter ID format but it works with the new Twitter ID Format too.

I have some questions , please explain if anybody done it successfully..

Why we always call two method getRequestToken and getAccessToken ? Is it to get access token and access token secret ? but both are already given at below page...

http://dev.twitter.com/apps/{your_app_id}/my_token.

what is the exactly need of request token and request token secret?? although i notice that both token comes different each time we process.
if we update our status from below method

$connection->post( 'statuses/update', array('status' => 'some message got from text area value' );

Then how do we verify that status has been updated successfully?? It means if i want to display alert message post has been sent successfully, how do i implement that in our PHP page??

which callback URL is important, i.e. where actually user is navigated after posting or doing stuff on twitter?
1. is it the URL Registered OAuth Callback URL which is written at the time of developing an application on
  
  http://dev.twitter.com/apps/{id_no}
  or
2. is it the URL which is defined in our php code (config.php) like
  
  define('OAUTH_CALLBACK', 'http://www.xyz.com');
one more Q'n
How to handle deny the access of applications?
Note: Please refer my Question regarding this

update for @Thai

i did below according to your suggestion

$user_info = $connection->get('account/verify_credentials');
$status_info =$connection->get('statuses/show/', array('id' =>32320907720523776) );

echo "<pre>";
print_r($status_info);

echo "</pre> Content : <pre>";
print_r($user_info);

returns below

stdClass Object
(
    [request] => /1/statuses/show.json?id=3.2320907720524E%2B16&oauth_consumer_key=jashak..&oauth_nonce=bec...&oauth_signature=%2FMj%2B0Z7oyYNKdMn%2B%2FOJ6Ba8ccfo%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1296541384&oauth_token=223961574-cW4...&oauth_version=1.0a
    [error] => No status found with that ID.
)

note: i hide the oauth_consumer key,oauth_nonce and oauth_token for security purpose ;)

Content:
stdClass Object
(
    [follow_request_sent] => 
    [profile_link_color] => 038543
    [profile_image_url] => http://a3.twimg.com/profile_images/1215444646/minialist-photography-9_normal.jpg
    [contributors_enabled] => 
    [favourites_count] => 31
    [profile_sidebar_border_color] => EEEEEE
    [id_str] => 223961574 // this is also id_str
    [status] => stdClass Object
        (
            [retweeted] => 
            [id_str] => 32320907720523776 // this id_str i used
            [in_reply_to_status_id_str] => 
            [geo] => 
            [contributors] => 
            [source] => Black Noise
            [in_reply_to_user_id_str] => 
            [retweet_count] => 0
            [truncated] => 
            [coordinates] => 
            [created_at] => Tue Feb 01 06:14:39 +0000 2011
            [favorited] => 
            [text] => Twitter test: verify that status has been updated
            [place] => 
            [in_reply_to_screen_name] => 
            [in_reply_to_status_id] => 
            [id] => 3.2320907720524E+16
            [in_reply_to_user_id] => 
        )
   [screen_name] => ltweetl
   [profile_use_background_image] => 1
   ....
   ...

i got error No status found with that ID and which id_str u r mentioning??

score 4 · Accepted Answer · answered Jan 31 '11 at 13:31

This answer is not specifically for Abraham's Twitter-OAuth API, but applies to Twitter's OAuth API in general.

That page only gives you your access token and access token secret to your own apps. This is fine if you don't need your app to be authenticated as any other users, so no need to request request tokens and no need to exchange the request token for access token, you just use your access token

However, if you want to authenticate as other users, you will have to go through all the required steps, which is explained in short here:
- You request the request token. It is only used for signing in, and cannot be used to access user's data. You will get the request token and request token secret. When requesting the request token, you can specify a callback URL which Twitter will send your users to when it is authenticated successfully.
- You need to keep the request token and secret until the authentication is done.
- After that, you redirect the user to http://api.twitter.com/oauth/authorize?oauth_token= followed by OAuth token.
- After the user signed in to Twitter and allowed your application, Twitter sends the user back to the callback URL.
- You exchange the request token for the access token, and you can then discard the request token because you won't need it anymore.
You can keep the access token as long as you need it. If you don't keep the access token, you will need to request the request token and exchange it for access token again, and your users will have to sign in again.

So basically, if you are creating something that the user needs to sign in using Twitter, you need to do all the steps above to get the user signed in. If you are just using Twitter's API for yourself, you don't need the authentication step. Use your access token.
You can check for the tweet's ID by checking for the id_str key on the returned response.

If the status isn't posted, Twitter will return an error object.
You can specify the default OAuth callback in the application settings page, which will be used when you don't explicitly specify a callback.

This is required because if you somehow forget to or did not specify a callback URL, Twitter will still know where to redirect your users to.

However, Twitter encourages that you should explicitly specify a callback URL. There are many benefit from using a callback URL, such as being able to specify any URLs as the callback. I used to benefit from this one because my Twitter client runs on two different domains, I could redirect the users back to the right place.

@Thai.. regarding your point 1 , it means we can run our application with any user without their authentication?? — xkeshav, Feb 01 '11 at 05:24
@Thai regarding point 3, i said which callback URL is to be followed by twitter application? i write both places a different Callback URL, — xkeshav, Feb 01 '11 at 05:28
@diEcho 1. The user will have to sign in to Twitter and allow your application to access first before you can have that token. You use the token instead of their username and password. Once you have the token you can keep it as long as the user doesn't revoke access from your application. — Thai, Feb 01 '11 at 12:28
@diEcho 3. The URL in your application code is more important than the registered one. If your code sends a callback URL, it will use the URL sent from your code. If not, it sends user to the registered one. — Thai, Feb 01 '11 at 12:31
@diEcho And you need to put your ID in quotes as it is too big for PHP. `'id' => '32320907720523776'` — Thai, Feb 01 '11 at 12:32
@Thai 1. i know that user have to sign in , but my Question is that where that user's information is used after getting `access token`, means once we get `request token` from a user , will b forever untill he invoke the application — xkeshav, Feb 01 '11 at 12:55
@diEcho Yes, but you use the access token, and not the request token. — Thai, Feb 01 '11 at 13:00
@diEcho It is really strange that it does not show any error. Try checking your syntax. — Thai, Feb 01 '11 at 13:01
@Thai yes, i m doing so...i just asked that why we always repeat this process .. even everything work great, but these are confusing concepts... but still we cant figure out the latest tweet — xkeshav, Feb 01 '11 at 13:03
i have to check the answer but nothing is fully satisfactory answer :( — xkeshav, Feb 07 '11 at 07:03

score 0 · Answer 2 · answered Jan 21 '11 at 06:15

Because we get AccessToken and Access Token Secret only after we validate user with verifier .

The verifier is most important in OAuth process.So We need to send one request to generate AccessToken and Access Token Secret .

After getting AccessToken and Access Token Secret we can use it for time specified by user while allowing your Twitter application to allow access to his Info.it may be 1 day ,1 month like wise in LInkedin OAuth after that time the AccessToken and Access Token Secret expires.........

i written in my question that.. access token & access token secret is already given when we create any application — xkeshav, Jan 21 '11 at 06:18

score 0 · Answer 3 · answered Jan 31 '11 at 12:39

0

What do you get when you do:

$temp = $connection->post( 'statuses/update', array('status' => 'some message got from textarea value' );
print_r($temp);

I would guess that would store the response (in json/xml) format in the $temp var. (To test twitter responses you can check http://dev.twitter.com/console)

The callback url that is defined in config.php will determine where it will be redirected. This is because this callback parameter was recently added to the twitter API. Before that you could only define the callback url on the App management section of twitter.com, this URL is the default url if no other url is defined.

answered Jan 31 '11 at 12:39

gnur

4,671
2
20
33

i got below result TwitterOAuth Object ( [http_code] => 200 [last_api_call] => https://api.twitter.com/1/statuses/update.json [host] => https://api.twitter.com/1/ [timeout] => 30 [connecttimeout] => 30 [ssl_verifypeer] => [format] => json [decode_json] => 1 [sha1_method] => OAuthSignatureMethod_HMAC_SHA1 Object ( ) [consumer] => OAuthConsumer Object ([key] => [secret] => ) [token] => OAuthConsumer Object ([key] => [secret] =>) ) – xkeshav Feb 01 '11 at 06:35
Does print_r($temp->response) do anything? – gnur Feb 01 '11 at 07:45
@diEcho hmm, I guess I don't know the Abraham API at all. You could try calling the $connection->post line with valid authentication in place and without valid authentication, perhaps the $temp response will be different. I think the 'http_code' response might be different if you aren't authenticated. – gnur Feb 01 '11 at 10:41

Questions regarding use of Twitter-Oauth API in php

one more Q'n

update for @Thai

3 Answers3