Authenticating to Twitter with Zend_Auth
// November 24th, 2010 // PHP
UPDATE: I’ve refactored this project to be a generic OAuth adapter as opposed to an exclusively twitter adapter. The new github repo is available and code samples have been updated below.
I recently had the need to use Twitter as an authentication source for a Zend Framework application I was working on. The idea would be to allow my users to authenticate with their Twitter credentials as opposed to having them create a new account and password on my web app.
I already had a Zend_Auth implementation in place for my authentication needs, so I decided to create a Zend_Auth_Adapter that uses Twitter’s OAuth service as an authentication source. I’m not going to go into details about how Twitter’s OAuth service works as Twitter can do a much better job. I can show you how to use the adapter though, so here goes.
Step 1: Download the Adapter
The code for the adapter is available on GitHub at http://github.com/jfaustin/Zend_Auth_Adapter_Oauth. You can download that code and place the “Ja” folder (in /library/Ja) somewhere in your include path.
Step 2: Register your application with Twitter
To use Twitter’s OAuth service, you have to register your application with them so they can create the required keys needed for authentication. You can do this by signing into Twitter and going to http://twitter.com/apps/new. Once you register your application, you will be presented with a consumer key and consumer secret. You will need to configure your adapter with these to actually do the authentication.
Step 3: Configure your adapter
You will need to configure your adapter to use the consumer key, consumer secret, and callback URL that are specific to your application. The callback URL will be the same URL which your users are directed to authenticate at, so if your authentication directs to http://yoururl.com/login, that will also be your callback URL.
<?php require_once 'Zend/Auth.php'; require_once 'Ja/Auth/Adapter/Oauth/Twitter.php'; $consumerKey = 'replace with your consumer key'; $consumerSecret = 'replace with your consumer secret'; $callbackUrl = 'replace with your callback URL'; $adapter = new Ja_Auth_Adapter_Oauth_Twitter(); $adapter->setConsumerKey($consumerKey) ->setConsumerSecret($consumerSecret) ->setCallbackUrl($callbackUrl); $auth = Zend_Auth::getInstance(); $result = $auth->authenticate($adapter); ?>
Replace the values for $consumerKey, $consumerSecret, and $callbackUrl with your application’s specific values and you should be good to go. All you need to do now is direct your users to this page and the adapter will handle the rest. For a complete working example, see the code you downloaded from GitHub in the /example folder.
To maintain state in the web application between acquiring the request token, sending the user to Twitter to authenticate, then getting them back and acquiring the access token, I am using Zend_Session to store the request token in the “Ja_Auth_Adapter_Oauth” session namespace. You can change this namespace if you want to by setting the “sessionNamespace” option in an option array.
$adapter = new Ja_Auth_Adapter_Oauth_Twitter(); $options = array( 'sessionNamespace' => 'myCustomNamespace' ); $adapter->setOptions($options);
This adapter also expects to have the “oauth_token” parameter set in the URL query string when it is redirected back from Twitter. I’m still considering the ramifications of this, as it may be better to allow this to be configured when the adapter is instantiated, but I haven’t decided yet. Some feedback on that would be good.
UPDATE: I’ve changed the way this functions, as now you can call the setQueryData($_GET) method on the adapter to populate the oauth_token parameter.
On another note, I have submitted a proposal for this code to be included with Zend Framework. If you are interested, the proposal is at http://framework.zend.com/wiki/display/ZFPROP/Zend_Auth_Adapter_Twitter+-+Jason+Austin. I’d love to hear your feedback, either on the ZF contributors wiki or here.