Abraham's TwitterOAuth access_token keeps disapearing after refresh or button click

Question

I'm trying to get the access_token of an user that just gave authorization to my twitter app. When I login, it works, but only remembers my access_token until I refresh or click on a button.

Code that I'm using:

require(__DIR__ . '/../../lib/data/twitter-login-api/autoload.php');
use Abraham\TwitterOAuth\TwitterOAuth;

$oauth_callback = OAUTH_CALLBACK;
$consumer_key = OAUTH_KEY;
$consumer_secret = OAUTH_SECRET;

//Do something if $_REQUEST occur and previous session is equal to current $_REQUEST
if (isset($_REQUEST['oauth_token']) && $_SESSION['oauth_token'] === $_REQUEST['oauth_token']) {

    //Open first connection at callback
    $connection = new TwitterOAuth($consumer_key, $consumer_secret,  $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

    //Then verify your token
    $access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));

    //Now you can save them
    $_SESSION['new_session_for_oauth_token'] = $access_token['oauth_token'];
    $_SESSION['new_session_for_oauth_token_secret'] = $access_token['oauth_token_secret'];

    //You may also check it first
    $connection = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['new_session_for_oauth_token'], $_SESSION['new_session_for_oauth_token_secret']);
    $check = $connection->get("account/verify_credentials");
    $username = $check->name;

    //To echo your account's stat
    echo '<p>' . $check->statuses_count . '</p>';
    echo '<p>' . $check->friends_count . '</p>';
    echo '<p>' . $check->followers_count . '</p>';
    echo '<p>' . $check->favourites_count . '</p>';

    //And finally unset previous sessions
    unset($_SESSION['oauth_token']);
    unset($_SESSION['oauth_token_secret']);

   //this is the end of callback url
} else {

    $connection = new TwitterOAuth($consumer_key, $consumer_secret);
    $request_token = $connection->oauth('oauth/request_token', array("oauth_callback" => $oauth_callback));

    $_SESSION['oauth_token'] = $request_token['oauth_token'];       
    $_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];

    $twitter_url = $connection->url("oauth/authorize", array("oauth_token" => $request_token['oauth_token']));
}

It logs me in one time and I receive the access_token and access_token_secret but I need them to stay in a session so that I can also use it after a page refresh or click on a button.

What am I doing wrong?

Answer 1

I thought it's happen because you were instantiating a "non-access-tokened" connection before you verifying the access token.

At the very beginning,

//Open first connection at callback
$connection = new TwitterOAuth($consumer_key, $consumer_secret,  $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

//Then verify your token
$access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));

//Now you can save them
$_SESSION['new_session_for_oauth_token'] = $access_token['oauth_token'];
$_SESSION['new_session_for_oauth_token_secret'] = $access_token['oauth_token_secret'];

---

Another thing you should notice that, you do need to unset previous token (before authorized) but of course after the authorizing phase has passed. And here, I added more expression better (on my sight) since you have only one page for "request" and "callback"

//Do something if $_REQUEST occur and previous session is equal to current $_REQUEST
if (isset($_REQUEST['oauth_token']) && $_SESSION['oauth_token'] === $_REQUEST['oauth_token']) {

    //Open first connection at callback
    $connection = new TwitterOAuth($consumer_key, $consumer_secret,  $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);

    //Then verify your token
    $access_token = $connection->oauth("oauth/access_token", array("oauth_verifier" => $_REQUEST['oauth_verifier']));

    //Now we overwrite previouse session with verified one
    $_SESSION['oauth_token'] = $access_token['oauth_token'];
    $_SESSION['oauth_token_secret'] = $access_token['oauth_token_secret'];

    //You may also check it first
    $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['new_session_for_oauth_token'], $_SESSION['new_session_for_oauth_token_secret']);
    $check = $connection->get("account/verify_credentials");

    //To echo your account's stat
    echo $check->statuses_count;
    echo $check->friends_count;
    echo $check->followers_count;
    echo $check->favourites_count;

    //And finally unset previous sessions
    unset($_SESSION['oauth_token']);
    unset($_SESSION['oauth_token_secret']);

   //this is the end of callback url
} elseif (isset($_GET['twitter']) && $_GET['twitter'] === 'login') {
    //Request a token aka login

    $connection = new TwitterOAuth($consumer_key, $consumer_secret);
    $request_token = $connection->oauth('oauth/request_token', array("oauth_callback" => $oauth_callback));

    $_SESSION['oauth_token'] = $request_token['oauth_token'];       
    $_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];

    $twitter_url = $connection->url("oauth/authorize", array("oauth_token" => $request_token['oauth_token']));
} elseif (isset($_GET['twitter']) && $_GET['twitter'] === 'logout') {
    //Destroy the session aka logout

    unset($_SESSION['oauth_token']);
    unset($_SESSION['oauth_token_secret']);
    $url = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
    header("location: {$url}");
    exit();
}

//Before or after this snippet is HTML part

Now, in your HTML part, if you're going to login to Twitter, go to example.org/page.php?twitter=login . You can also do logging out by example.org/page.php?twitter=logout