search

themattharris / tmhOAuth

An OAuth 1.0A library written in PHP
Apache License 2.0
857 stars 335 forks source link

update_with_media: "Invalid or expired token (code 89)" after authorize app #158

Closed fmschuler closed 10 years ago

fmschuler commented 10 years ago

Hello! I´m a newbie in php and trying to use thmOAuth v0.8.3 to tweet with media. Based on the tmhOAuthExamples I made my code merging two files on the index.php: oauth_authorize_flow.php and photo_tweet.php

When I click on the "login with Twitter" to authorize the app, everything is ok. Get the token, secret token, redirect back... But when I try to tweet returns the error "Invalid or expired token (code 89)".

Can somebody explain what I'm doing wrong here? I appreciate any help!

You can see in action here: http://filipeschuler.com/tmhOAuth/

Here is the code of index.php <?php require 'tmhOAuthConfig.php'; $tmhOAuth = new tmhOAuthConfig(); session_start(); ?>

```

01 - OAuth Flow

Something went wrong

apponly_request(array( 'without_bearer' => true, 'method' => 'POST', 'url' => $tmhOAuth->url('oauth/request_token', ''), 'params' => array( 'oauth_callback' => php_self(false), ), )); if ($code != 200) { error("There was an error communicating with Twitter. {$tmhOAuth->response['response']}"); return; } // store the params into the session so they are there when we come back after the redirect $_SESSION['oauth'] = $tmhOAuth->extract_params($tmhOAuth->response['response']); // check the callback has been confirmed if ($_SESSION['oauth']['oauth_callback_confirmed'] !== 'true') { error('The callback was not confirmed by Twitter so we cannot continue.'); } else { $url = $tmhOAuth->url('oauth/authorize', '') . "?oauth_token={$_SESSION['oauth']['oauth_token']}"; ?>

Login with Twitter

reconfigure(array_merge($tmhOAuth->config, array( 'token' => $_SESSION['oauth']['oauth_token'], 'secret' => $_SESSION['oauth']['oauth_token_secret'], ))); $code = $tmhOAuth->user_request(array( 'method' => 'POST', 'url' => $tmhOAuth->url('oauth/access_token', ''), 'params' => array( 'oauth_verifier' => trim($params['oauth_verifier']), ) )); if ($code == 200) { $oauth_creds = $tmhOAuth->extract_params($tmhOAuth->response['response']); ?>

Authorized as @.

User Token:
User Secret:

02 - Photo Tweet

"@{$_FILES['image']['tmp_name']};type={$_FILES['image']['type']};filename={$_FILES['image']['name']}", 'status' => $_POST['status'] ); $code = $tmhOAuth->user_request(array( 'method' => 'POST', 'url' => $tmhOAuth->url("1.1/statuses/update_with_media"), 'params' => $params, 'multipart' => true )); if ($code == 200) : $data = json_decode($tmhOAuth->response['response'], true); ?>

Hello, @.

You just tweeted

Something went wrong

response['error'] ?>



response['raw'])) : ?>

Raw Response

            response['raw']; ?>
```

themattharris commented 10 years ago

thanks for writing. after your call to access token i can see you set the variable $oauth_creds but i don't see you save those to the $_SESSION, or use them to reconfigure tmhOAuth. the oauth_token you use for the OAuth handshake is different to the one you will finally get after the last POST to oauth/access_token. as such you'll want to make sure you save the oauth_token and oauth_secret returned from your POST to oauth/access_token before making any future requests.

hope that helps.