twitter login

app/Authenticate.php

@@ -8,6 +8,7 @@
 class Authenticate {
 
   use Provider\GitHub;
+  use Provider\Twitter;
   use Provider\IndieAuth;
 
   public function start(ServerRequestInterface $request, ResponseInterface $response) {

app/Provider/IndieAuth.php

@@ -23,7 +23,7 @@ public function redirect_indieauth(ServerRequestInterface $request, ResponseInte
 
     // Verify the state parameter
     if(!isset($_SESSION['state']) || $_SESSION['state'] != $query['state']) {
-      die('Invalid state parameter from GitHub');
+      die('Invalid state parameter from IndieAuth server');
     }
 
 

app/Provider/Twitter.php

@@ -4,11 +4,105 @@
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Config;
+use Abraham\TwitterOAuth\TwitterOAuth;
 
 trait Twitter {
 
-  private function _start_github(&$response, $me, $details) {
-    die($me);
+  private function _start_twitter(&$response, $login_request, $details) {
+    $_SESSION['twitter_expected_user'] = $details['username'];
+
+    $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret);
+
+    $request_token = $twitter->oauth('oauth/request_token', [
+      'oauth_callback' => Config::$base . 'redirect/twitter'
+    ]);
+    $_SESSION['twitter_request_token'] = $request_token;
+    $twitter_login_url = $twitter->url('oauth/authorize', ['oauth_token' => $request_token['oauth_token']]);
+
+    pa($details);
+
+    die('Me: '.$login_request['me'].' Click to continue <a href="'.$twitter_login_url.'">'.$twitter_login_url.'</a>');
+  }
+
+  public function redirect_twitter(ServerRequestInterface $request, ResponseInterface $response) {
+    session_start();
+
+    $query = $request->getQueryParams();
+
+    $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
+      $_SESSION['twitter_request_token']['oauth_token'], $_SESSION['twitter_request_token']['oauth_token_secret']);
+    $credentials = $twitter->oauth('oauth/access_token', ['oauth_verifier' => $query['oauth_verifier']]);
+
+    unset($_SESSION['twitter_request_token']);
+
+    if(!isset($credentials['screen_name'])) {
+      // Error authorizing
+      echo 'Twitter error';
+      pa($credentials);
+      die();
+    }
+
+    $twitter_user = $credentials['screen_name'];
+
+    if($twitter_user != $_SESSION['twitter_expected_user']) {
+      echo 'A different Twitter user authenticated';
+      die();
+    }
+
+    $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
+      $credentials['oauth_token'], $credentials['oauth_token_secret']);
+
+    // Fetch the full profile to look for the link to their website
+    $profile = $twitter->get('users/show', ['screen_name'=>$twitter_user]);
+
+    if(!$profile) {
+      echo 'Problem fetching twitter profile';
+      die();
+    }
+
+    $verified = false;
+    $expanded_url = false;
+
+    // Extract the expanded profile URL
+    if(isset($profile->url) && $profile->url && isset($profile->entities->url->urls)
+      && count($profile->entities->url->urls)) {
+      $expanded_url = $profile->entities->url->urls[0]->expanded_url;
+
+      if($expanded_url == $_SESSION['expected_me']) {
+        $verified = true;
+      }
+    }
+
+    // If not found in the URL field, check links in the bio
+    if(!$verified) {
+      if($profile->description) {
+        $bio = $profile->description;
+        foreach($profile->entities->description->urls as $url) {
+          $bio = str_replace($url->url, $url->expanded_url, $bio);
+        }
+        if(strpos($bio, $_SESSION['expected_me']) !== false) {
+          $verified = true;
+        }
+      }
+    }
+
+    if(!$verified) {
+      if($expanded_url)
+        echo 'Your Twitter profile linked to '.$expanded_url.' but we were expecting '.$_SESSION['expected_me'];
+      else
+        echo 'There was no link in your Twitter profile.';
+
+      pa($profile);
+      die();
+    }
+
+    // Store this in the session to remember them for next time
+    $_SESSION['me'] = $_SESSION['expected_me'];
+
+    unset($_SESSION['twitter_expected_user']);
+    unset($_SESSION['expected_me']);
+
+    return $this->_finishAuthenticate($response);
   }
 
 }

composer.json

@@ -9,7 +9,8 @@
         "p3k/http": "^0.1.7",
         "mf2/mf2": "^0.4.3",
         "indieweb/link-rel-parser": "^0.1.3",
-        "predis/predis": "^1.1"
+        "predis/predis": "^1.1",
+        "abraham/twitteroauth": "^0.7.4"
     },
     "autoload": {
       "psr-4": {

public/index.php

@@ -26,6 +26,7 @@
 $route->map('POST', '/auth', 'App\\Authenticate::verify');
 
 $route->map('GET', '/redirect/github', 'App\\Authenticate::redirect_github');
+$route->map('GET', '/redirect/twitter', 'App\\Authenticate::redirect_twitter');
 $route->map('GET', '/redirect/indieauth', 'App\\Authenticate::redirect_indieauth');