Getting an OAuth Access Token from the Command Line

      Comments Off on Getting an OAuth Access Token from the Command Line

OAuth is great – there's no need to save users' passwords, it's – in theory – a consistent way to interact with other services, and it's hopefully something that your users are familiar and comfortable using. But if you're not just interacting with your users' accounts – for example, your application uses a single account on a service to broadcast messages, or analyze data – getting or renewing the access token can be painful.

For example, take a Twitter application that acts as a auctioneer – tracking bids in the form of @mentions, posting the current high bid, and replying or sending direct messages to the participants. In that case only one OAuth token is needed for the application’s Twitter account. So how do you get the token?

Setup a rarely used admin function to authorize the application's Twitter account? Use a one off script to request then echo the credentials to the browser and copy/paste to a config file?

In that case the application is acting like a desktop application – at least from the perspective of the web server. Some services offer a PIN-based OAuth dance for that use case, and a while back I ran across a more elegant way to do this: A Self Updating Command Line Script

The code looked great, but I use Zend_Twitter. So let's do the same thing – use a command line script and PIN based OAuth request – with my favorite framework.

The initial request token setup looks much like a normal request:

The only thing missing is a callbackUrl. If you’ve setup your application type as ‘client’ in Twitter, you don’t need to specify any callbackUrl. If the application type is ‘browser’, then you’ll need to override the default callback – but not in the config array. Doing it there will get you a Zend_Oauth_Exception about an invalid URI. You’ll need to set the special callback – ‘oob’ – when getting the request token:

Then simply echo the OAuth link to so the account can grant access, and instead of redirecting, Twitter will show the user a PIN:

Once the PIN is entered, the process is similar to how you would get a normal access token. Since getAccessToken() expects an array of GET parameters, that can be emulated by passing an array with the pin and the original request token (just the token, as it would have been passed back to the callback). The request token is also passed as the second parameter (as a Zend_Oauth_Token_Request):

The access token can be persisted a few different ways. Most of the Zend_Oauth examples serialize the token and store it, but to keep things friendly to humans, let’s just echo the token’s data:

Now that the core functionality is working, things can be made a little better. Instead of hard coding the application’s OAuth keys, let’s grab them from the command line using Zend_Getop:

We now have a nice command line script that can get an access token for any Twitter application. But it still requires a bit of copy/paste to store the token keys someplace. Let’s add the ability to pull the applications OAuth keys from a config file, then write the access token data to that config file. First a few options are added to the getop:

Then, if a config file is passed, the key and secret are loaded from it (at this point the script expects the data to be in oauth->consumer->key, but that could be made more flexible):

The script can read the application’s keys from the config file, so now let’s update that same config file instead of just echoing the token data.

But wait – how do you use the token? Most of the Zend_Oauth examples persist the serialized access token object, not the more human friendly token/secret pair. Here’s how to setup the access token manually (it’s really pretty simple):

And there it is, a simple command line script to OAuth an application’s account – and optionally, update the config file. Seems like someone should take this and make it even nicer with Zend_Tool.

You can view the code (along with the various changes) at gist.github.com.