How to Integrate Twitter OAuth 2.0 in PHP + Direct Messages

To integrate Twitter OAuth 2.0 in PHP and access direct messages (DMs), you'll need to follow these steps:

Authenticate with Twitter:
Conceal the code value within a hidden input field

    // @post method 
    public function twitterOAuth(Request $request)
        if($request->code) {
            // #2 get access token by the authorization code  
            $this->getAccessToken($request->code);
        }else{
            // #1 if there's no authorization code
            return $this->getAuthorizationCode();
        }
    }

Please ensure you've thoroughly reviewed your complete callback_uri within your Twitter developer portal.

getAuthorizationCode

 public function getAuthorizationCode() {
        $authorize_url = "https://twitter.com/i/oauth2/authorize";
        $callback_uri =config('twitter.callback_uri');
        $client_id = config('twitter.client_id');
        $client_secret = config('twitter.client_secret');
        $str = (pack('H*', hash("sha256", config('twitter.code_challenge'))));
        $code_challenge = rtrim(strtr(base64_encode($str), '+/', '-_'), '=');

        $authorization_redirect_url = $authorize_url . "?response_type=code&client_id=" . $client_id . "&redirect_uri=" . $callback_uri . "&scope=tweet.read%20users.read%20follows.read%20dm.read%20dm.write%20offline.access&state=state&code_challenge=".$code_challenge."&code_challenge_method=plain";
        return redirect()->to($authorization_redirect_url);
    }

getAccessToken

    public function getAccessToken($authorization_code) {
        $token_url = "https://api.twitter.com/2/oauth2/token";
        $callback_uri =config('twitter.callback_uri');
        $client_id = config('twitter.client_id');
        $client_secret = config('twitter.client_secret');
        $str = (pack('H*', hash("sha256", config('twitter.code_challenge'))));
        $code_verifier = rtrim(strtr(base64_encode($str), '+/', '-_'), '=');


        $authorization = base64_encode("$client_id:$client_secret");
        $header = array("Authorization: Basic {$authorization}","Content-Type: application/x-www-form-urlencoded");
        $content = "grant_type=authorization_code&code=$authorization_code&client_id=$client_id&code_verifier=$code_verifier&redirect_uri=$callback_uri";

        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => $token_url,
            CURLOPT_HTTPHEADER => $header,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $content
        ));
        $response = curl_exec($curl);
        curl_close($curl);

        if ($response === false) {
            //save error  and redirect
            $twitterError = curl_error($curl);;
            return redirect()->route('mailboxes.twitter.settings');

        } elseif (isset(json_decode($response)->error)) {
            //save error  and redirect
            $twitterError = $response
            return redirect()->route('mailboxes.twitter.settings');
        }
        else{
            //save access_token & refresh_token
            $TwitterAccessToken = json_decode($response)->access_token
            $TwitterRefreshToken = json_decode($response)->refresh_token
            return redirect()->route('mailboxes.twitter.settings');
         }

Get Direct Messages (DMs):
Use the access_token to gain access to protected Direct Messages

function getDms(){
    $dm_events_url= "https://api.twitter.com/2/dm_events?dm_event.fields=id,text,event_type,dm_conversation_id,created_at,sender_id&user.fields=created_at,description,id,location,name";
    $header = array("Authorization: Bearer {$TwitterAccessToken}");

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => $dm_events_url,
        CURLOPT_HTTPHEADER => $header,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_RETURNTRANSFER => true
    ));
    $response = curl_exec($curl);
    curl_close($curl);

    return json_decode($response, true);
}

Refresh an Access Token Using a Refresh Token
Some OAuth grant types return a refresh_token along with an access_token. Refresh tokens have a much longer expiration time than access_tokens and as such can be used to obtain a new access_token when the current one expires.

$token_url = "https://api.twitter.com/2/oauth2/token";
         $authorization = base64_encode("$client_id:$client_secret");
         $header = array("Authorization: Basic {$authorization}","Content-Type: application/x-www-form-urlencoded");
         $content = "grant_type=refresh_token&client_id=$client_id&refresh_token=".$TwitterRefreshToken;

         $curl = curl_init();
         curl_setopt_array($curl, array(
             CURLOPT_URL => $token_url,
             CURLOPT_HTTPHEADER => $header,
             CURLOPT_SSL_VERIFYPEER => false,
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_POST => true,
             CURLOPT_POSTFIELDS => $content
         ));
         $response = curl_exec($curl);
         curl_close($curl);

 if ($response === false) {
            //save error  
            $twitterError = curl_error($curl);;


        } elseif (isset(json_decode($response)->error)) {
            //save error  
            $twitterError = $response

        }
        else{
            //save access_token & refresh_token
            $TwitterAccessToken = json_decode($response)->access_token
            $TwitterRefreshToken = json_decode($response)->refresh_token
         }

This pertains to the integration of Twitter OAuth 2.0 using PHP. I trust that you grasp the concept and can seamlessly incorporate it into your project. Please feel free to share your thoughts and suggestions in the comments section below

Blog

How to Integrate Twitter OAuth 2.0 in PHP + Direct Messages

JohnDivam

Join Our Newsletter. No Spam, Only the good stuff.

Related