0

I am trying to set up twitter reverse auth, on my api server. My mobile device will call this api endpoint to get the request token, and use that to sign-in using twitter, and do different actions on the hand-held device.

I am using j7mbo/twitter-api-php: Simplest PHP example for retrieving user_timeline with Twitter API version 1.1

This lib has just a basic post and get examples, but I looked into the source and found the buildOauth to doing everything that is required for twitter i.e. generate the signature base string and authorization header, and it calling the endpoint using curl.

In my code I set my consumer_key, secret, access_token key and secret, and set the x_auth_mode like below:

$tw_settings = array(
        'consumer_key' => $app['config']['twitter_api']['consumer_key'][$culture],
        'consumer_secret' => $app['config']['twitter_api']['consumer_secret'][$culture],
        'oauth_access_token' => $app['config']['twitter_api']['api_access_token'][$culture],
        'oauth_access_token_secret' => $app['config']['twitter_api']['api_access_token_secret'][$culture],
    );

    $postfields = array(
        'x_auth_mode' => 'reverse_auth'
    );

    $twitter = new TwitterAPIExchange($tw_settings);

    $result = $twitter->setPostFields($postfields)
                ->buildOauth($url, $requestMethod)
                ->performRequest();

    return $app->json($result);

But twitter does not authenticate, saying "Failed to authenticate oauth signature and token".

Community
  • 1
  • 1
srinivas
  • 4,778
  • 2
  • 32
  • 43

1 Answers1

0

I finally got it working. You can get this git repo based on j7mbo/twitter-php-api. I have extended to add a method to get reverse auth token from twitter. This token you can generate on your server, and expose it using an rest endpoint, which your device will call, and use it to do reverse authentication. This way the consumer-key and consumer secret is safe tucked away on the server and is not distributed with all the client devices.

Git repo: https://github.com/srinivasmangipudi/twitter-api-php

To generate the special request token, instantiate the TwitterApiExcahange object and then call 'buildReverseOauth' method. E.g:

$postfields = array(
    'x_auth_mode' => 'reverse_auth'
);

$twitter = new TwitterAPIExchange($tw_settings);

$result = $twitter->setPostfields($postfields)
            ->buildReverseOauth($url, $requestMethod)
            ->performRequest();

This should return you the oauth_access_token. Rest everything is same as below.

srinivas
  • 4,778
  • 2
  • 32
  • 43