skip to Main Content

I’m using Hybridauth 3 in my PHP app to make some periodical tweets on behalf of my account.
The app has all possible permissions. I’m giving it all permissions when it asks for them on the first auth step.
After that Twitter redirects me to the specified callback URL and there I’m getting a pair of access_token and access_token_secret.
But when I’m trying to make a tweet using these tokens – it gives me:

{"errors":[{"code":220,"message":"Your credentials do not allow access to this resource."}]} 

Here’s how I’m trying to make a tweet:

$config = [
    'authentication_parameters' => [
    //Location where to redirect users once they authenticate 
    'callback' => 'https://mysite/twittercallback/',
    //Twitter application credentials
    'keys' => [
            'key'     => 'xxx', 
            'secret' => 'yyy' 
    ],
    'authorize' => true
    ]
];

$adapter = new HybridauthProviderTwitter($config['authentication_parameters']);

//Attempt to authenticate the user 
$adapter->setAccessToken(/*tokens I've got from getAccessToken() on /twittercallback/*/);

if(! $adapter->isConnected()) {
    // never goes here, so adapter is connected
    return null;
}

try{  
    $response = $adapter->setUserStatus('Hello world!');
}
catch (Exception $e) {
    // here I've got the error
    echo $e->getMessage();
    return;
}

Tried to recreate tokens and keysecret pairs and passed auth process for the app many times, including entering password for my Twitter account (as suggested in some posts on stackoverflow) but still have this error.

P.S. According to this, Hybridauth has fixed the issue in the recent release.

4

Answers


  1. Chosen as BEST ANSWER

    After comparing headers of outgoing requests from my server with the ones required by Twitter, I've noticed that Hybris doesn't add very important part of the header: oauth_token. At least it's not doing this in the code for Twitter adapter and for the scenario when you apply access token with setAccessToken(). It's just storing tokens in the inner storage but not initializing corresponding class member called consumerToken in OAuth1 class. So to initialize the consumer token properly I've overridden the apiRequest method for Twitter class (before it used the defalut parent implementation) and added a small condition, so when consumer token is empty before the request - we need to try to init it.

    public function apiRequest($url, $method = 'GET', $parameters = [], $headers = [])
        {
            if(empty($this->consumerToken)) {
                $this->initialize();
            }
    
            return parent::apiRequest($url, $method, $parameters, $headers);
        }
    

    I'm not sure that I've fixed it the best way, but as long as it's working - that's fine.


  2. It looks like you are using application authentication as opposed to user authentication. In order to post a tweet, you must authenticate as a user. Also, make sure your Twitter app has read/write privileges.

    Login or Signup to reply.
  3. For your info setAccessToken was fixed in v3.0.0-beta.2 (see PR https://github.com/hybridauth/hybridauth/pull/880)

    Login or Signup to reply.
  4. I faced the same error when implementing a sample app in clojure and the following resource was a huge help to sort out my confusion about application-only auth vs user authentication: https://developer.twitter.com/en/docs/basics/authentication/overview/oauth

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search