Zend Framework 101: Zend_Oauth

How OAuth Works

There are many guides and diagrams available online that explain how OAuth works, but to keep things simple, here's what you need to know for authenticating with Twitter:

  1. Web application requests an authentication token from Twitter
  2. Web application redirects user to Twitter
  3. User signs in to Twitter then authorizes your web application
  4. Twitter redirects user back to web application with authorization token
  5. Web application requests access token from Twitter

Note: You must register your web or desktop application with Twitter to obtain a consumer key. You can do so at

Assuming each of these steps completes correctly (that is, the user successfully authenticates and then allows your application access), you can then access the Twitter API with their account.
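The five steps above, as a simplified in-memory model (an added example, not code from this article, Zend_Oauth or Twitter): `FakeProvider`, `completeLogin` and the session array are hypothetical names, and request signing and the OAuth 1.0a verifier are left out. It shows the two checks the flow depends on: the token on the callback must be the one this session requested, and the token from step 1 can be exchanged only once.

```php
<?php
// Added illustration: in-memory stand-in for the provider; all names are hypothetical.
final class FakeProvider
{
    private array $requestTokens = [];   // token => ['secret' => string, 'user' => ?string]

    public function issueRequestToken(): array                           // step 1
    {
        $token = bin2hex(random_bytes(8));
        $this->requestTokens[$token] = ['secret' => bin2hex(random_bytes(8)), 'user' => null];
        return ['token' => $token, 'secret' => $this->requestTokens[$token]['secret']];
    }

    public function userAuthorizes(string $token, string $user): string  // steps 2-4
    {
        if (!isset($this->requestTokens[$token])) { throw new RuntimeException('unknown request token'); }
        $this->requestTokens[$token]['user'] = $user;
        return $token;   // sent back to the application on its callback URL
    }

    public function exchange(string $token, string $secret): array       // step 5
    {
        $rt = $this->requestTokens[$token] ?? null;
        if ($rt === null || $rt['user'] === null || !hash_equals($rt['secret'], $secret)) {
            throw new RuntimeException('request token unknown, unauthorized or already used');
        }
        unset($this->requestTokens[$token]);   // single use
        return ['user' => $rt['user'], 'access_token' => bin2hex(random_bytes(16))];
    }
}

function completeLogin(FakeProvider $p, array $session, string $callbackToken): array
{
    // The token on the callback must be the one this session asked for in step 1.
    $rt = $session['request_token'] ?? null;
    if ($rt === null || !hash_equals($rt['token'], $callbackToken)) {
        throw new RuntimeException('callback token does not match session');
    }
    return $p->exchange($callbackToken, $rt['secret']);
}

$provider = new FakeProvider();
$session  = ['request_token' => $provider->issueRequestToken()];
$returned = $provider->userAuthorizes($session['request_token']['token'], 'alice');
$access   = completeLogin($provider, $session, $returned);
echo "access token issued for {$access['user']}\n";
try {   // replaying the same callback fails: the request token was consumed
    completeLogin($provider, $session, $returned);
} catch (RuntimeException $e) {
    echo "replay rejected: {$e->getMessage()}\n";
}
```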

For more details of how this process works (specifically with Twitter), I recommend the following pages:

In the code we will implement in this article, we have a protected page that users can access only once they've authenticated with Twitter. We will write their access token to a database table so we can use it again in future. Currently there is no expiration date on a Twitter access token.

Note: I've tried to simplify this implementation as much as possible. The code assumes the user has already authenticated with our web application separately. When we store access tokens they will be stored against a local user account.

