Proper Twitter Integration with Zend Framework
Twitter is all the rage these days. Every site out there has some kind of "Tweet This" link or "Follow us on Twitter" button. Some sites have even deeper integration and tweet events on your behalf. In most cases, those sites are asking you for your Twitter username and password. What? Even scarier, many people enter their credentials without thinking twice. It's crazy. When has it become acceptable to enter your credentials for your online accounts (that often make you choose six or more character passwords) into some random third party site? Well, the answer, I suppose, is since social networking sites have began asking for email account access to rummage through your contact list. Still, it's a rather unacceptable solution for a self-respecting web site to operate this way, especially since Twitter supports the OAuth protocol which is designed to tackle this exact problem.
If you're familiar with how Flickr allows third-party applications and websites access to your account, then you know how it works. A web site requests access to your account, you are prompted to allow and deny access, and that's it. There are no passwords involved. And if you decide that you don't like what that website is doing with your account, you can revoke access at any time.
I will assume that you're already familiar with the Zend Framework. If that is not the case, and you're a PHP developer, you should really consider starting to use it. It is a very well designed and powerful collection of classes that complement each other and, after the initial ramp up time and learning curve, will pay off in both terms of development speed as well as maintainability. Check out the Quick Start.
In fact, Zend Framework (1.8) ships with a Zend_Service_Twitter class, which provides all the Twitter functionality. The problem is that this class only supports Basic Authentication using your Twitter account username and password. But fear not, we can bend this class to do our bidding.
See, underneath the hood, Zend_Service_Twitter is actually a Zend_Rest_Client, which is powered by Zend_Http_Client. Let's just remember that for now.
Let's take a look at this OAuth thing. Zend Framework has some preliminary support for it in the incubator. The client portion of it is functional, although kind of buggy, still.
The proposal for Zend_Oauth can be found here http://framework.zend.com/wiki/pages/viewpage.action?pageId=37957, complete with a ma.gnolia.com example use case.
Let me summarize how this works real quick:
1. Your configured Zend_Oauth_Consumer fetches a request token, which is used to prompt the user of the service to allow access.
2. Once access is allowed, your application receives an access token.
3. Your can ask the access token object to hand you an http client. It's a Zend_Oauth_Client, which extends Zend_Http_Client, and automagically handles the signing so you can treat it like a regular Zend_Http_Client and perform all the GETS and POSTS you want. Nifty!
Now let's go back to the Zend_Service_Twitter. Remember how it uses a Zend_Http_Client? All we have to do now is remove the basic (username/password) authentication mechanism and replace it with the OAuth-based version. To achieve that, we'll simply extend Zend_Service_Twitter as My_Service_Twitter. and make the following changes:
class My_Service_Twitter extends Zend_Service_Twitter
{
/**
* @var array
*/
protected $_oauthOptions;
/**
* @var Zend_Oauth_Token_Access
*/
protected $_accessToken;
/**
* Initialize Oauth
*/
protected function _init()
{
if (!$this->_authInitialized) {
$client = $this->_accessToken->getHttpClient($this->_oauthOptions);
$client->setHeaders('Accept-Charset', 'ISO-8859-1,utf-8');
self::setHttpClient($client);
$this->_authInitialized = true;
}
$client = self::getHttpClient();
$client->resetParameters();
}
/**
* @param array $oauthOptions
* @return My_Service_Twitter provides fluent interface
*/
public function setOauthOptions(array $oauthOptions)
{
$this->_oauthOptions = $oauthOptions;
return $this;
}
/**
* @return array
*/
public function getOauthOptions()
{
return $this->_oauthOptions;
}
/**
* @param Zend_Oauth_Token_Access $token
* @return My_Service_Twitter provides fluent interface
*/
public function setToken(Zend_Oauth_Token_Access $token)
{
$this->_accessToken = $token;
return $this;
}
/**
* @return Zend_Oauth_Token_Access
*/
public function getToken()
{
return $this->_accessToken;
}
}
And it's ready to be used. Instantiate the class, set the Oauth token via setToken() and then use the class the same way as before.
Print This Post
September 20th, 2010 - 03:01
hi,
i am using zend framework, and got to work twitter part for status update with existing oauth feature of Zend. what i am interested now is, how the dailybooth.com works for twitter, it allows you only one time sign in twitter and then even if you exit the current session of your website and/or twitter, your all new activities are posted to twitter whenever it happens, it's a kind of LINK twitter account…
is this possible with above oauth code? i tried it anyway but i keep on getting Error saying:
Cannot redeclare class Zend_Oauth_Consumer …
while i am not able to see any repeated declaration of this class in my codebase.
any help would be really appreciated
Thanks
October 18th, 2010 - 21:02
Nisha, there have been changes in the Twitter API, and recent version of the Zend Framework include a modified Zend_Service_Twitter client.
Take a look at the Zend_Oauth example, which shows how to login to Twitter using Oauth: http://framework.zend.com/manual/en/zend.oauth.introduction.html
You can read up on the details on various Oauth web sites, but in a nutshell, Oauth means that you request a "request token" from Twitter using PHP, and then redirect a user to twitter along with that request token. On Twitter, the user will be asked to grant your application access (via this request token), then they'll be returned to your site. On your site you now try to exchange the "request token" for an "access token". This access token is then used to interact with Twitter on that user's behalf. You should store it in a database and associate it with that user. Unless that user specifically removes the permission from your application via their control panel in Twitter, you can continue to interact with Twitter on their behalf.