I’m utilising the excellent tmhOAuth php library for my site. However, I cant’ figure out how to access the user token/secret that is received from my auth.php? (Say, when trying to get the friend’s list of current user.)
It’s stated in the example:
* Although this example uses your user token/secret, you can use
* the user token/secret of any user who has authorised your application.
I have successfully made use of the auth.php example, but how do I make use of the USER token/secret that I receive? As in the example, it’s merely stated like so:
$tmhOAuth = new tmhOAuth(array(
'consumer_key' => 'YOUR_CONSUMER_KEY',
'consumer_secret' => 'YOUR_CONSUMER_SECRET',
'user_token' => 'A_USER_TOKEN',
'user_secret' => 'A_USER_SECRET',
));
Obviously, hardcoding it won’t work for me, and so, simply, I wonder where are the token/secret for the currently logged in user?
This is an example of a stored credential, I presume:
// already got some credentials stored?
} elseif ( isset($_SESSION['access_token']) ) {
$tmhOAuth->config['user_token'] = $_SESSION['access_token']['oauth_token'];
$tmhOAuth->config['user_secret'] = $_SESSION['access_token']['oauth_token_secret'];
$code = $tmhOAuth->request('GET', $tmhOAuth->url('1/account/verify_credentials'));
if ($code == 200) {
$resp = json_decode($tmhOAuth->response['response']);
echo $resp->screen_name;
} else {
outputError($tmhOAuth);
}
users are supposed to authorize you via oauth, which begets you an access token per user eventually (which you need to store somewhere), you get that token from storage, provide it in the request and that way you are granted access. So your users need to grant you access and you need to store the access tokens+secrets for future use.
In short and not very specific nor 100% technically accurate(I think) but hopefully clear to follow terms:
with oauth you request an app-wide token and secret, the consumer token and secret.
With these consumer tokens you can ask for a request token,secret (and usually nonce token as well) from the provider which can now identify your app as being ‘App x which was allowed by me, the provider’.
With this request token you may ask the app for an access token for a specific user (you know which user it is on your side and they know or find out on their side), the user themselves usually have to authorise your app’s access and when all goes well (meaning user says OK) you receive a final access token and secret with which you from then on can make the connection to the remote site, acting on behalf of the user. At this point in time you need to physically store the token somehow (database, textfile,…) for later usage.
It’s a back and forth between their server and your server, where the first steps never need to be repeated again as long as you have a valid access token+secret for the user stored.
Once you have those you can just put them in ‘user_token’ and ‘user_secret’ no doubt (I never used this library) together with your app’s Consumer Token/Secret for it to authenticate.
I’m sorry if you know all this already and that it’s not a ready-fit answer. It’s just my impression that you don’t yet have access tokens for your other users.