Twitter Integration: Backend endpoint to request token

twitter-request-token.php

<?php
/**
 * Twitter Integration: Backend endpoint to request token
 *
 * @author Maykonn Welington Candido<[email protected]>
 * @see https://developer.twitter.com/en/docs/basics/authentication/api-reference/request_token
 *
 * @uses This file must be requested by a application passing the callback_url on querystring. Response Content-Type is application/json.
 * @example https://mydomain.com/twitter/request_token.php?callback_url=https://mydomain.com/path-to-redirect-after-request-token
 */

header('Content-Type: application/json');
header("Access-Control-Allow-Origin: *");


$oauthParams = [
    'oauth_callback' => filter_input(INPUT_GET, 'callback_url', FILTER_SANITIZE_URL),
    'oauth_consumer_key' => 'AsDf1234QwEr9876o0', // consumer key from your twitter app: https://apps.twitter.com
    'oauth_nonce' => md5(uniqid()),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => time(),
    'oauth_version' => '1.0',
];


$baseURI = 'https://api.twitter.com/oauth/request_token';
$baseString = buildBaseString($baseURI, $oauthParams); // build the base string


$consumerSecret = '4545sadfd6898SDFDFfdsad'; // consumer secret from your twitter app: https://apps.twitter.com
$compositeKey   = getCompositeKey($consumerSecret, null); // first request, no request token yet
$oauthParams['oauth_signature'] = base64_encode(hash_hmac('sha1', $baseString, $compositeKey, true)); // sign the base string


echo json_encode(sendRequest($oauthParams, $baseURI));
return;


function getCompositeKey($consumerSecret, $requestToken){
    return rawurlencode($consumerSecret) . '&' . rawurlencode($requestToken);
}


function buildBaseString($baseURI, $oauthParams){
    $baseStringParts = [];
    ksort($oauthParams);

    foreach($oauthParams as $key => $value){
        $baseStringParts[] = "$key=" . rawurlencode($value);
    }

    return 'POST&' . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $baseStringParts));
}


function buildAuthorizationHeader($oauthParams){
    $authHeader = 'Authorization: OAuth ';
    $values = [];

	foreach($oauthParams as $key => $value) {
        $values[] = "$key=\"" . rawurlencode( $value ) . "\"";
    }

    $authHeader .= implode(', ', $values);
    return $authHeader;
}


function sendRequest($oauthParams, $baseURI){
    $header = [buildAuthorizationHeader($oauthParams), 'Expect:'];

    $options = [
        CURLOPT_HTTPHEADER => $header,
        CURLOPT_HEADER => false,
        CURLOPT_URL => $baseURI,
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => false,
    ];

    $ch = curl_init();
    curl_setopt_array($ch, $options);
    $response = curl_exec($ch);
    $httpInfo = curl_getinfo($ch);

    curl_close($ch);

    if($httpInfo['http_code'] <> 200) {
        return [
            'success' => false,
            'message' => curl_error(),
            'code' => curl_errno(),
            'http_info' => (object) $httpInfo,
        ];
    }


    $parts = explode('&', $response);

    return [
        'success' => true,
        'message' => false,
        'code' => false,
        'oauth_token' => explode('=', $parts[0])[1],
    ];
}