Home » Coding

How to use Twitter OAuth v1.1 with JavaScript/jQuery

February 25th, 2013, by Mike Rogers to Coding

In March 2013 Twitter plans to retire version 1 of their REST API, however it’s replacement requires all requests to use OAuth signed headers. As a result if you’re using JavaScript to pull in a twitter feed to show on your website, you might be in for a spot of bother. However I’ve put together a little script which will allow you to remain using your JavaScript implementation, until you have time to move to the Twitter API 1.1 completely.

The Code

Create a file called twitter-proxy.php and place it somewhere publicly accessible on your server.

<?php /** * Usage: * Send the url you want to access url encoded in the url paramater, for example (This is with JS): * /twitter-proxy.php?url='+encodeURIComponent('statuses/user_timeline.json?screen_name=MikeRogers0&count=2') */ // The tokens, keys and secrets from the app you created at https://dev.twitter.com/apps $config = array( 'oauth_access_token' => 'token-here', 'oauth_access_token_secret' => 'token-here', 'consumer_key' => 'token-here', 'consumer_secret' => 'token-here', 'use_whitelist' => true, // If you want to only allow some requests to use this script. 'base_url' => 'http://api.twitter.com/1.1/' ); // Only allow certain requests to twitter. Stop randoms using your server as a proxy. $whitelist = array( 'statuses/user_timeline.json?screen_name=MikeRogers0&count=10&include_rts=false&exclude_replies=true'=>true ); /* * Ok, no more config should really be needed. Yay! */ // We'll get the URL from $_GET[]. Make sure the url is url encoded, for example encodeURIComponent('statuses/user_timeline.json?screen_name=MikeRogers0&count=10&include_rts=false&exclude_replies=true') if(!isset($_GET['url'])){ die('No URL set'); } $url = $_GET['url']; if($config['use_whitelist'] && !isset($whitelist[$url])){ die('URL is not authorised'); } // Figure out the URL parmaters $url_parts = parse_url($url); parse_str($url_parts['query'], $url_arguments); $full_url = $config['base_url'].$url; // Url with the query on it. $base_url = $config['base_url'].$url_parts['path']; // Url without the query. /** * Code below from http://stackoverflow.com/questions/12916539/simplest-php-example-retrieving-user-timeline-with-twitter-api-version-1-1 by Rivers * with a few modfications by Mike Rogers to support variables in the URL nicely */ function buildBaseString($baseURI, $method, $params) { $r = array(); ksort($params); foreach($params as $key=>$value){ $r[] = "$key=" . rawurlencode($value); } return $method."&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $r)); } function buildAuthorizationHeader($oauth) { $r = 'Authorization: OAuth '; $values = array(); foreach($oauth as $key=>$value) $values[] = "$key=\"" . rawurlencode($value) . "\""; $r .= implode(', ', $values); return $r; } // Set up the oauth Authorization array $oauth = array( 'oauth_consumer_key' => $config['consumer_key'], 'oauth_nonce' => time(), 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_token' => $config['oauth_access_token'], 'oauth_timestamp' => time(), 'oauth_version' => '1.0' ); $base_info = buildBaseString($base_url, 'GET', array_merge($oauth, $url_arguments)); $composite_key = rawurlencode($config['consumer_secret']) . '&' . rawurlencode($config['oauth_access_token_secret']); $oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true)); $oauth['oauth_signature'] = $oauth_signature; // Make Requests $header = array( buildAuthorizationHeader($oauth), 'Expect:' ); $options = array( CURLOPT_HTTPHEADER => $header, //CURLOPT_POSTFIELDS => $postfields, CURLOPT_HEADER => false, CURLOPT_URL => $full_url, CURLOPT_RETURNTRANSFER => true, CURLOPT_SSL_VERIFYPEER => false ); $feed = curl_init(); curl_setopt_array($feed, $options); $result = curl_exec($feed); $info = curl_getinfo($feed); curl_close($feed); // Send suitable headers to the end user. if(isset($info['content_type']) && isset($info['size_download'])){ header('Content-Type: '.$info['content_type']); header('Content-Length: '.$info['size_download']); } echo($result); ?>

Be sure to update the $config variable with the tokens, keys and secrets provided by Twitter when you create an app on their developer site (this is free).

Usage

Usage is pretty simple, instead of pointing your JavaScript XML request to Twitter just point it to the file you created instead. For example:

/* * Before code */ $.getJSON('http://api.twitter.com/1/statuses/user_timeline.json?screen_name=MikeRogers0&count=2', function(d){ // Some magic here } /* * Change to */ $.getJSON('/twitter-proxy.php?url='+encodeURIComponent('statuses/user_timeline.json?screen_name=MikeRogers0&count=2'), function(d){ // Some magic here }

List current active connections on Mac OSX

November 20th, 2012, by Mike Rogers to Coding

This is a handy little terminal script I’ve used a lot recently which lists the current active connections on OSX. It’s really handy for seeing if Apache / Node.js / Ruby stuff is running on ports correctly.

Getting started with Git

June 26th, 2012, by Mike Rogers to Git

Git is a really powerful piece of version control software. Here is a short crash course on how to get started on it, I presented at the University of Portsmouth in April 2012.

10 Brilliant Web Development & Technology Podcasts

October 30th, 2011, by Mike Rogers to Coding, Design

I am a big fan of podcasts, here is a handful of really good podcasts that I’ve been listening to over the last month on my commute to work. If you use Google Reader (With Google Listen), you can quickly subscribe to this via the bundle I created.

MySQL REPLACE function

September 10th, 2011, by Mike Rogers to MySQL

MySQL always surprises me in the sheer amount of stuff you can do in it. For example I recently found it has a bunch of String Functions. The main one I found to be useful was the REPLACE function, which works like this:

Using cookieless domains to improve a website performance

July 1st, 2011, by Mike Rogers to Browsers, Coding

Fast loading times are a really important factor when it comes to website ranking, so it’s important to remove as much unnecessary data as possible. A good method to do this is via cookieless domains.

Cookieless domains are (as the name suggests) are domains, in which the user will not send cookies (Which can add quite a few kilobytes to a request). For example, say I want a user to load a static image it would be silly of them to also send me the cookie data. Luckily they are super easy to set up.

PDO (PHP Data Objects) – Starter Guide

July 1st, 2011, by Mike Rogers to PHP

It may surprise you to hear, that using the mysql_connect() function in PHP has recently be marked as “old hat” coding because it’s slow in comparison with newer methods. A better alternative is PDO (PHP Data Objects), a lightweight method for accessing databases. Here is a quick overview to help you get started with PDO.

Reasons to use PDO

It’s Fast - it talks to the database via a database specific PDO-driver.
It’s Object Oriented – The methods within the class are the same for each database driver, so you can easily change your database driver without lots of extra coding.
It’s Flexible- You can easily change between such database drivers as PostgreSQL, MySQL or SQLite by pretty much just changing your construct statement.
It’s Safer – PDO encourages you to bind parameters to your SQL query’s, meaning that it’s significantly less likely your website will suffer from a SQL injection based attack.

JavaScript Selector Methods (Use CSS selectors in JS)

March 18th, 2011, by Mike Rogers to JavaScript

I was recently introduced a group of really funky new HTML5 JavaScript methods, which make me seriously think we can avoid having to include the jQuery library in lots of small websites. These methods are querySelectorAll() and querySelector().

In a nutshell, these methods behave exactly the same as the jQuery selector but comes integrated into the browser, meaning you input the CSS selector (e.g. “#myDiv” or “.MyClass”) and out pops the first element in the tree, or a StaticNodeList of the elements (depending on whether you use the All part) .

PHP’s Ctype Functions

March 5th, 2011, by Mike Rogers to PHP

A few days ago I was researching methods of validating alphanumeric strings and I was shown PHPs Ctype Functions by Sebastian Roming.

In a nutshell they are a group of PHP functions why can be used to check strings to see if they are alphanumeric, numeric etc without using regex (So they are fast!). The key thing to remember is that they return TRUE or FALSE, unlike filter_var which returns FALSE or the string.
Here is the code example:

How to validate an email address with PHP

March 5th, 2011, by Mike Rogers to PHP

Validating an email address is a great way to reduce spam on your website, but there are several methods to do it. You could use a messy regex approach or alternatively you could also use PHP built in functions, it’s really up to you. Here is the function I use: