Despite all the twitter hate at the moment, I’ve set out to create a new twitter-based application. Being someone who manages several accounts (both personal and for my charity work) I’ve been needing a tool for sometime that I’m just getting around to writing (more of that in the near future…).
I’ve read up on Zend_Oauth_Consumer and how it can be used to get authorisation for interacting with twitter using oauth. All well and good, I have my access key and I can merrily post away on a user’s behalf. There’s plenty of resources out there to do this so I won’t bore people.
The next step was to allow people to return to the website, log in and modify their account. This is where I reached a slight problem. Using the code examples on websites meant that I’d have twitter asking me for access authorisation again for each login, not good. Scanning through the framework I couldn’t see anything which would allow me to just request authentication. That isn’t to say its not there, but there didn’t seem to be an authentication mechanism that could be invoked without knowing the access token already.
The alternatives were to implement a site-based log in or somehow store the user’s access token on the client (encrypted of course). Neither of these seemed like a good/suitable solution.