smolblog / oauth2-twitter
Twitter OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Installs: 53 879
Dependents: 4
Suggesters: 0
Security: 0
Stars: 15
Watchers: 3
Forks: 6
Open Issues: 1
Requires
- php: ^7.3 || ^8.0
- league/oauth2-client: ^2.0
- paragonie/random-lib: ^2.0
Requires (Dev)
- eloquent/phony-phpunit: ^6.0 || ^7.1
- phpunit/phpunit: >=8.0
- squizlabs/php_codesniffer: ^3.0
This package is auto-updated.
Last update: 2024-12-15 18:46:05 UTC
README
This package provides Twitter OAuth 2.0 support for the PHP League's OAuth 2.0 Client.
Installation
To install, use composer:
composer require smolblog/oauth2-twitter
Usage
Usage is the same as The League's OAuth client, using \Smolblog\OAuth2\Client\Provider\Twitter
as the provider.
Authorization Code Flow
<?php session_start(); require_once 'vendor/autoload.php'; $provider = new Smolblog\OAuth2\Client\Provider\Twitter([ 'clientId' => 'MjVXMnRGVUN5Ym5lcVllcTVKZkk6MTpjaQ', 'clientSecret' => 'YDPiM-JsC5xU44P2VijGJRB7zdKB1PckCGjOynXGx9HZM7N6As', 'redirectUri' => 'http://oddevan.test/twitter-test/', ]); if (!isset($_GET['code'])) { unset($_SESSION['oauth2state']); unset($_SESSION['oauth2verifier']); // Optional: The default scopes are ‘tweet.read’, ‘users.read’, // and ‘offline.access’. You can change them like this: $options = [ ‘scope’ => [ ‘tweet.read’, ‘tweet.write’, ‘tweet.moderate.write’, ‘users.read’, ‘follows.read’, ‘follows.write’, ‘offline.access’, ‘space.read’, ‘mute.read’, ‘mute.write’, ‘like.read’, ‘like.write’, ‘list.read’, ‘list.write’, ‘block.read’, ‘block.write’, ‘bookmark.read’, ‘bookmark.write’, ], ]; // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl($options); $_SESSION['oauth2state'] = $provider->getState(); // We also need to store the PKCE Verification code so we can send it with // the authorization code request. $_SESSION['oauth2verifier'] = $provider->getPkceVerifier(); header('Location: '.$authUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); exit('Invalid state'); } else { try { // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'], 'code_verifier' => $_SESSION['oauth2verifier'], ]); // Optional: Now you have a token you can look up a users profile data // We got an access token, let's now get the user's details $user = $provider->getResourceOwner($token); // Use these details to create a new profile printf('Hello %s!', $user->getName()); } catch (Exception $e) { echo '<pre>'; print_r($e); echo '</pre>'; // Failed to get user details exit('Oh dear...'); } // Use this to interact with an API on the users behalf echo $token->getToken(); }
Changelog
See CHANGELOG.md
Credits
Maintained* as part of the Smolblog project.
*With Twitter's new paid API, the Smolblog project is no longer able to reliably maintain this plugin. We will fix any issues we can, but we can no longer react to new features. If you want to take over active maintenance, get in touch.
License
The Modified 3-clause BSD License (BSD). Please see License File for more information.