PhpRiot
Follow phpriot on Twitter
Sponsored Link
Download Article
Download this article or the entire “Zend Framework 101” series with all listings and files.
More information
Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...

When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store
Free iPad/iPhone App
Available on the App Store
  • PHP manual
  • Zend Framework manual
  • Smarty manual
  • PHP articles
  • PHP training
Related Articles
Browse Articles
Ajax 6 Amazon 2 APC 1 Arrays 1 CAPTCHA 1 CSS 3 cURL 5 Debugging 1 File Upload 1 Google 6 Google Maps 2 JavaScript 12 jQuery 1 JSON 6 KML 1 Maps 1 MVC 1 MySQL 9 onbeforeunload 1 OOP 2 Page Speed 1 PHP 59 PhpDoc 1 PostgreSQL 7 Prototype 11 Reflection 1 RFC 1867 1 Robots 1 Scriptaculous 1 SEO 1 Sessions 2 SimpleXML 1 Smarty 5 SOAP 2 SPL 1 Sqlite 1 Templates 2 Twitter 2 W3C 1 WebDAV 1 XHTML 1 YouTube 1 Yslow 1 yuicompressor 1 ZCE 6 Zend Framework 11 Zend_Cache 1 Zend_Gdata 1 Zend_Gdata_YouTube 1 Zend_Loader 1 Zend_Oauth 1 Zend_Registry 1 Zend_Search_Lucene 1

Zend Framework 101: Zend_Oauth

By Quentin Zervaas, 1 July 2010 PHP Twitter Zend Framework Zend_Oauth Download PDF

How OAuth Works

There are many guides and diagrams of how oAuth works available online, but to keep things simple, here's what you need to know for authenticating with Twitter:

  1. Web application requests an authentication token from Twitter
  2. Web application redirects user to Twitter
  3. User signs in to Twitter then authorizes your web application
  4. Twitter redirects user back to web application with authorization token
  5. Web application requests access token from Twitter
Note: You must register your web or desktop application with Twitter to obtain a consumer key. You can do so at http://dev.twitter.com.

Assuming each of these steps completes correctly (that is, the user successfully authenticates and then allows your application access), you can then access the Twitter API with their account.

For more details of how this process works (specifically with Twitter), I recommended the following pages:

In the code we will implement in this article we have a protected page that users can only access once they've authenticated with Twitter. We will write their access token to a database table so we can use it again in future. Currently there is no expiration date on a Twitter access token.

Note: I've tried to simplify this implementation as much as possible. The code assumes the user has already authenticated with our web application separately. When we store access tokens they will be stored against a local user account.
1. Previous Page
3. Setting Up Our OAuth Consumer

In This Article