Oauth / Twitter Auth Adapter for Zend Framework

By , Saturday 23rd April 2011 3:57 pm

Work continues (slowly) on my new Twitter-based application. Over the next couple of bank holidays I hope to get the momentum going again on the project (in-spite of the wonderful weather at present). Anyway, my next task was to create an authentication adapter for the Zend Framework. I had a working login implementation, but having a drop in Auth adapter for Zend Framework seemed like an attractive proposal, so I created it….

(I’m not going to go through Oauth or registering your application with twitter, there’s hundreds of guides and its a fairly straightforward process anyhow.)

Enjoy Consumer Confidence

The difference between Oauth and the other authenication adapters in the Zend Framework is that Oauth requires redirecting back and forth between the oauth provider and the requesting server by the client. Therefore the process isn’t quite as straight forward as simply looking up some details in a database or checking request headers. Fortunately the Zend Framework components, such as Zend_Oauth_Consumer, take much of the pain away and its just the job of the auth adapter to make the required method calls.

For a guide to using Zend_Auth and performing authentication with Zend Framework have a search on google, or check out this tutorial by Matthew Weier O’Phinney – Login and Authentication.


In order to use the authentication adapter you need to pass two objects in via the constructor. The first is an instance of Zend_Oauth_Consumer set up for your Oauth provider. I’ve been doing this with Twitter’s service and you can see a quick piece on that here – Sign in with Twitter using Zend Framework. I’m using my implementation where I set the “Authorize URL” as I don’t want user’s to be asked to give permission to the application every time they attempt to login. The second parameter is an instance of Zend_Session_Namespace that is instantiated with the namespace into which you wish to place the authentication details. In my code I have something like the following:

$config = array(
    'callbackUrl'    => ...callback-url...,
    'siteUrl'        => 'https://twitter.com/oauth',
    'consumerKey'    => ...consumer-key...,
    'consumerSecret' => ...secret-key...,
$consumer = new Zend_Oauth_Consumer($config);
$session = new Zend_Session_Namespace(Pro_Auth_Adapter_Twitter::AUTH_NAMESPACE);
$authAdapter = new Pro_Auth_Adapter_Oauth($consumer, $session);

Calling ->authenticate() on the adapter will then cause a redirect to the Oauth provider (again in my case Twitter). Upon returning to the application the second call to ->authenticate() will actually perform the authentication itself.

If you wished the user to return to the initally requested page then provided your authentication status is checked on each request then simply setting the appropriate ‘callBackUrl’ parameter at load time would get the user to their originally intended destination.

One last feature I added was the ability to send additional parameters using the addParameter() and setParameters() methods. Adding this functionality allows the sending of additional GET parameters when making the initial redirect to the Oauth provider. In my case, this allows me to pass an array with a key of ‘force_login‘ and value of true which forces Twitter to request you login again (even if already logged in) which is great for multi-linked-account applications.

The code is available on my GitHub repo – Oauth auth adapter for Zend Framework code (comments welcome!).

Edit: Looks like someone else has been on the case as well. For another implementation please see http://www.jasonawesome.com/2010/11/24/authenticating-to-twitter-with-zend_auth/

Liked this post? Follow this blog to get more. 

Leave a Reply

You must be logged in to post a comment.

Panorama Theme by Themocracy

1 visitors online now
0 guests, 1 bots, 0 members
Max visitors today: 6 at 03:27 am UTC
This month: 15 at 10-10-2017 02:55 pm UTC
This year: 45 at 02-01-2017 10:28 pm UTC
All time: 130 at 28-03-2011 10:40 pm UTC