Even if the concept feels cryptic, attempt to digest as much as you can. It\u2019s still a very mysterious technology, having just been drafted back in 2007<\/a>. I certainly didn\u2019t understand how to develop full OAuth Connections even after my first few tutorials but if you stick with it, you\u2019ll catch on fast. Now first to kick things off, a small introduction!<\/p>\n If you consider how much more connected the Internet has become, it only makes sense that users will want to share information between multiple accounts from Facebook into Twitter, Tumblr, Foursquare, and now even into mobile apps such as Path<\/em> or Instagram<\/a>.<\/p>\n The problem we face now is how to accomplish this in the most secure and simplest way possible. OAuth 1.0 is an attempt to solve this and numerous other problems, compared with older OpenID standards. Users are still entering their username\/password into other third party websites just to connect into OpenID.<\/p>\n This doesn\u2019t make it any safer for the user. Under OAuth specs, the user never needs to store any personal account data into a third party database.<\/p>\n With OAuth, the main account provider (e.g. Twitter, Facebook) will first redirect you (the user) to an authorization page. The user then logs into the main network, and then either accepts or denies a new connection into the third party website.<\/p>\n The technology is painlessly easy and you can always unauthorize the connections from your account settings at any point. Notice that your password is never given to the 3rd party which makes this protocol a lot more safer than its counterpart.<\/p>\n There are 3 parties to consider in a standard OAuth call:<\/p>\n The purpose of OAuth isn\u2019t to provide a specific library for websites to use. It actually sets up the \u201crules\u201d for building an open protocol API. So while we can all benefit from this technology it\u2019s actually developers who will really find interest in this area. If you need more info check out the revised v1.0 edition<\/a> released n April 2010.<\/p>\n The entire process ultimately requires 2 different keys along with an access token. The keys are provided by the root service after you register an application \u2013 these are known as your client<\/strong> and secret ID<\/strong>. The client ID is generally passed into the Authentication URL so the server can recognize your app.<\/p>\n The secret ID is held in your code so the server can verify your app\u2019s identity. Similarly the remote server will match up your secret ID with their own so you don\u2019t mistakenly send a twitter request to Facebook\u2019s API, or vice versa.<\/p>\n If the user authorizes the connection and all keys match up, then they are returned to your website with a long code of random numbers and letters.<\/p>\n This code is used to generate a new access token<\/strong>. These behave similar to a session variable which you can store in a cookie to keep the user logged into your website. The only difference is that many services will send back an Access Token and Secret Access Token.<\/p>\n You likely need both of these to pull any data from the server. An example could be requesting the user\u2019s profile photo to save a copy on your own website.<\/p>\n Developers aren\u2019t often likely to start from scratch so why not look into a previously-built library? This will save us our time, and from headaches, when working with PHP. Let\u2019s look into building a really simple example on top of the Twitter API.<\/p>\n I highly recommend Twitter Async<\/a> by Jaisen Mathai on GitHub. It works perfectly and even provides some really straightforward example codes that we can look at. You can download the .zip for now, but before we look into the code we need to register and get our app IDs from Twitter.<\/p>\n The Twitter Dev Center<\/a> is a great resource for those just getting started on the API. It has been written and rewritten many times over the course of a few years. The page we want is https:\/\/dev.twitter.com\/apps\/new<\/a>. It will ask you to log in at first, then you need to enter some credentials for a new application.<\/p>\n The App name and description are displayed when the user goes to authorize with Twitter. Your Web URL is also important to distinguish the third party address. It would be easier to work with a live domain although you can use localhost for testing, but I do not enourage this method. It\u2019s just as easy to sign up for a free web host<\/a> and run your scripts from there.<\/p>\n The Callback URL is stated as the final destination after your visitors either accept or deny the authorization. It\u2019s your job as the programmer to read the response from Twitter and output a message accordingly.<\/p>\n In the Async library we\u2019ve already got some credentials in place, but they won\u2019t work since the callback URL is specified to an external blog. If you\u2019re interested in building a fully-connected OAuth web app I\u2019ve included some detailed tutorials below.<\/p>\n If you are using a remote web host you may want to unzip the Async libraries and upload them to a new directory. Otherwise you can just check out the source code. It\u2019s likely that we won\u2019t be able to pull a new connection anyways. But hands-on experience with uploading and editing source code is always a learning process.<\/p>\n In the root directory you\u2019ll find a script named simpleTest.php<\/strong>. Inside is a whole lot of PHP codes related to the OAuth libraries included. I won\u2019t be able to put it all together for you, but we should look at an important code block to pinpoint notable details.<\/p>\n There are 4 very important variables for the consumer key and secret ID, along with the token and secret token ID. Not all API services will require this set of 4, but it is proper OAuth protocol. The EpiTwitter class requires all 4 values as parameters and generates the connection URL into Twitter.<\/p>\n With this new dynamic URL you can create a login button for your users. This would direct them first to a secure Twitter API page where the user either accepts or denies your connection. Regardless of their choice the user then gets re-directed to your app callback URL.<\/p>\n The entire open protocol has a very clean perspective which allows for rapid development, especially with libraries available in practically every language.<\/p>\n Hopefully this introduction into OAuth has got you interested in building apps over the protocol. Many developers have been striving for just such a solution, and OAuth 2.0 may be the future of interconnected social networks. I already use over two dozen connections into my Twitter account and have been really impressed with the developer\u2019s documentation!<\/p>\n Clearly there is a lot to say on this topic. It\u2019s not something you may be able to fully process in one sitting. Browse around the net for more OAuth solutions and let us know your thoughts in the discussion area below.<\/p>\nWhat Problems Can We Solve?<\/h2>\n
![\"\"](\"https:\/\/assets.hongkiat.com\/uploads\/oauth-connect\/twitter-oauth-connection.jpg\")
<\/figure>\nHow the Process Works<\/h2>\n
\n
Facing Security<\/h2>\n
Example Library for Twitter OAuth<\/h2>\n
![\"Twitter](\"https:\/\/assets.hongkiat.com\/uploads\/oauth-connect\/twitter-applications-auth-list.jpg\")
<\/figure>\nRegistering a New Application<\/h2>\n
![\"Twitter](\"https:\/\/assets.hongkiat.com\/uploads\/oauth-connect\/twitter-developers-center-2.jpg\")
<\/a><\/figure>\nCheck Out the Code<\/h2>\n
<?php\r\ninclude 'EpiCurl.php';\r\ninclude 'EpiOAuth.php';\r\ninclude 'EpiTwitter.php';\r\n$consumer_key = 'jdv3dsDhsYuJRlZFSuI2fg';\r\n$consumer_secret = 'NNXamBsBFG8PnEmacYs0uCtbtsz346OJSod7Dl94';\r\n$token = '25451974-uakRmTZxrSFQbkDjZnTAsxDO5o9kacz2LT6kqEHA';\r\n$secret= 'CuQPQ1WqIdSJDTIkDUlXjHpbcRao9lcKhQHflqGE8';\r\n$twitterObj = new EpiTwitter($consumer_key, $consumer_secret, $token, $secret);\r\n$twitterObjUnAuth = new EpiTwitter($consumer_key, $consumer_secret);\r\n?>\r\n<\/pre>\n
https:\/\/api.twitter.com\/oauth\/authorize?oauth_token=TOKEN_ID_HERE<\/pre>\n
Related Links<\/h2>\n
\n
Conclusion<\/h2>\n