PHP: OAuth Sample Code

Hi Everyone! I know we've been promising some sample code for doing OAuth authentication with our API. So here is the first bit! I'd also like to apologize for the main API documentation. It has been updated -- but was pointing to the wrong end_point URLs for getting access tokens and request tokens. The following code uses the OAuth Client library found here: ( -- but any library will work. Please let me know if you have any problems! -Christian

  /**
   * testapiAction
   * The following code tests the OAuth authentication method of our API.
   * It uses the OAuth client-side library -- but any OAuth library would work.
   * Much of this code will be handled by your library -- but we're spelling everything out here.
   * The most important pieces of information are: consumer key, secret, the end_point URLs
   * and the callback URL (and the URL of the API too).
   * @author Christian
   */
  public function testapiAction()
  {
    // The following codes are the consumer key and secret.
    // Every application that uses our API will need one of these and you can register one at (in an account)
    $key = 'put your key here'; // this is your consumer key
    $secret = 'put your secret here'; // this is your secret

    // This is the main "head" of the API -- all OAuth calls go through the API.
    $host = '';
    // This is the URL that we use to request a new request token
    $request_token = $host . '/oauth/request_token';
    // After getting a request token we'll want to have the user authenticate
    $authorize_url = $host . '/oauth/authenticate';
    // This final call fetches an access token.
    $access_token = $host . '/oauth/access_token';
    $options = array(
      'consumer_key' => $key,
      'consumer_secret' => $secret,
      'request_token_uri' => $request_token,
      'authorize_uri' => $authorize_url,
      'access_token_uri' => $access_token
    );

    // Create the actual session (this is where permanent tokens would be loaded in real code... but just testing here)
    OAuthStore::instance("Session", $options);

    try
    {
      // Okie dokie, let's see if we are already in the process of getting a token or not
      if (empty($_GET["oauth_token"]))
      { // nope, no token -- so let's start by requesting a request token from the surveygizmo api
        $getAuthTokenParams = array(
          'xoauth_displayname' => 'Christian Vaneks Groovy Test', // this is the name of the application asking for approval. It will be shown on the approval page
          'oauth_callback' => ''  // this is the callback to my application (this test code)
        );

        // Request a request token - this is done totally server-to-server
        $tokenResultParams = OAuthRequester::requestRequestToken($key, 0, $getAuthTokenParams);

        // Okie dokie, now let's authorize (this requires a redirect) -- when we come back we'll be in the next part of this IF statement
        header("Location: " . $authorize_url . "?oauth_token=" . rawurlencode($tokenResultParams['token']));
      }
      else
      {
        // We have a request token that's been authorized at this point (assuming the login and the "approve" button was pressed successfully)
        $oauthToken = $_GET["oauth_token"];
        // Let's load the auth token from the GET parameter
        $tokenResultParams = $_GET;
        try
        {
          // The next step is to ask for an access token (which actually lets us grab data).
          OAuthRequester::requestAccessToken($key, $oauthToken, 0, 'POST', $_GET);
        }
        catch (OAuthException2 $e)
        {
          // If an error occurs here it's likely the result of a signature verification problem.
          // It might also be because the request token expired (unlikely for us).
          // Only the escaped message is shown, and we stop: without an access token the API call below cannot succeed.
          echo "Errors occurred: " . htmlspecialchars($e->getMessage());
          exit;
        }

        // WE HAVE ACCESS!!!
        // Yes, at this point the token has been flagged as authorized and turned into an access token - ready to make calls.
        // So let's make a simple call to get the user list from the API for this account
        $request = new OAuthRequester("", 'GET', $tokenResultParams);
        // making request...
        $result = $request->doRequest(0);
        // Request has been made!  Let's display the results
        if ($result['code'] == 200) // codes in the 200s mean success.
        {
          // Print out the token information (just for fun).
          // Everything printed is escaped: $tokenResultParams comes straight from $_GET and the body from a remote server.
          echo "\n\nToken Result\n\n";
          echo htmlspecialchars(print_r($tokenResultParams, true));
          // this is the entire $result array returned from the OAuthClient library
          echo "\n\n\n";
          echo htmlspecialchars(print_r($result, true));
          // this is likely what we are interested in -- the body of the response from the other server
          echo "\n\n\n";
          echo htmlspecialchars(print_r($result['body'], true));
        }
        else
        {
          // if we didn't get 200 back it's an error
          echo 'Error';
        }
      }
    }
    catch (OAuthException2 $e)
    {
      // general error catching. sure hope we don't need it!
      echo "OAuthException: " . htmlspecialchars($e->getMessage());
    }
    exit;
  }
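The sample's comments say a failure at the access-token step is most likely a signature verification problem, and the post mentions the documentation once listed the wrong end_point URLs. The following added example (not part of the original post and not the OAuth library's code) builds an OAuth 1.0 HMAC-SHA1 signature by hand as described in RFC 5849, so you can see that the endpoint URL is part of the signed data. The host names, key, secret and function names are constructed for illustration; it assumes PHP 7+, a base URL passed without its query string, and no repeated parameter names.

```php
<?php
// RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unencoded.
function oauth_encode($value)
{
    return rawurlencode((string) $value);
}

// Signature base string: METHOD & encoded base URL & encoded, sorted parameters.
function oauth_base_string($method, $url, array $params)
{
    unset($params['oauth_signature'], $params['realm']); // never part of the signed data
    $pairs = array();
    foreach ($params as $name => $value) {
        $pairs[] = array(oauth_encode($name), oauth_encode($value));
    }
    // Sort by encoded name, then by encoded value (byte order).
    usort($pairs, function ($a, $b) {
        return strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]);
    });
    $normalized = implode('&', array_map(function ($p) {
        return $p[0] . '=' . $p[1];
    }, $pairs));
    return strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode($normalized);
}

// HMAC-SHA1 keyed with "consumer secret & token secret" (token secret is empty
// while asking for a request token).
function oauth_sign($baseString, $consumerSecret, $tokenSecret = '')
{
    $key = oauth_encode($consumerSecret) . '&' . oauth_encode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

// Constructed sample request for the request-token step.
$params = array(
    'oauth_consumer_key'     => 'sample-consumer-key',
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_version'          => '1.0',
    'oauth_callback'         => 'https://client.example/callback',
);
$right = oauth_base_string('POST', 'https://api.example/oauth/request_token', $params);
$wrong = oauth_base_string('POST', 'https://api.example/oauth/access_token', $params);

echo $right, "\n";
echo oauth_sign($right, 'sample-consumer-secret'), "\n";
// Same parameters signed against the other endpoint; compared in constant time.
var_dump(hash_equals(oauth_sign($right, 'sample-consumer-secret'),
                     oauth_sign($wrong, 'sample-consumer-secret')));
```

When a call fails signature verification, print the base string your client signed and check the method, URL and parameter list against what was actually sent before suspecting the key or secret.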