How to Make an Autobot on Twitter with OAuth, not Basic Authentication

Twitter will be shutting off basic authentication on their API on June 30. Tweeting with basic auth was pretty easy in PHP:

$context = stream_context_create(array( 
  'http' => array( 
    'method'  => 'POST', 
    'header'  => 'Content-type: application/x-www-form-urlencoded', 
    'content' => http_build_query(array('status' => $status)), 
  ),
)); 
$response = file_get_contents("http://$username:$password@twitter.com/statuses/update.xml", false, $context);

After shut off basic auth, how can we tweet via programming language? In other words, how to make an autobot?

It seems xAuth is fit for this purpose. I’ve requested [email protected] to access xAuth. But they just said “we are not granting xAuth for these kinds of purposes”. Also they recommended to use OAuth. Using OAuth means someone must sign in manually at least once. Here is the steps:

1) Register your app, set Application Type = Client and Default Access type = Read & Write
2) I’m using pecl_oauth. Execute the below script from command line.

<?php
define('TWITTER_CONSUMER_KEY', '***');
define('TWITTER_CONSUMER_SECRET', '***');
 
$oauth = new OAuth(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$info = $oauth->getRequestToken('http://api.twitter.com/oauth/request_token');
var_dump($info);

3) Access https://api.twitter.com/oauth/authorize?oauth_token={$info[‘oauth_token’]} with your browser. The URL is required to sign in, so you have to manually do with an account which you want to make tweet.
4) You’ll get PIN
5) Replace some variables and execute this script:

<?php
define('TWITTER_CONSUMER_KEY', '***');
define('TWITTER_CONSUMER_SECRET', '***');
 
$oauth = new OAuth(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setToken('{PREVIOUS_TOKEN}', '{PREVIOUS_TOKEN_SECRET}');
$info = $oauth->getAccessToken('http://api.twitter.com/oauth/access_token', null, '{PIN}');
var_dump($info);

You need to copy oauth_token and oauth_token_secret from 2).

6) Store final tokens somewhere.
7) Then using the tokens in this script, it supposed to work as long as the tokens is valid (According to Twitter staff, “Twitter will not expire this token unless the user revokes access to the application, or the application is suspended for violating policy.”):

<?php
define('TWITTER_CONSUMER_KEY', '***');
define('TWITTER_CONSUMER_SECRET', '***');
 
$oauth = new OAuth(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setToken('{FINAL_TOEKN}', '{FINAL_TOKEN_SECRET}');
$oauth->fetch('http://api.twitter.com/1/statuses/update.xml', array('status' => $status), OAUTH_HTTP_METHOD_POST);
echo $oauth->getLastResponse();

It’s quite complexed steps compared to basic auth, but we have to follow Twitter’s decision. I bet there are too many spammy autobots and they just can’t ignore them.

Updated:
It seems Twitter can’t easily shut off its Basic Auth. The deadline is postponed. Anyways, this process that I explained is no longer needed. You can grab your token and token secret on dev.twitter.com. “My Access Token” is the link.

This entry was posted in Tweak and tagged , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.