Automated tweets now there is OAuth? Sending Tweets from PHP Command line

For quite some time I’ve been using a scheduled php script to automatically send twitter updates (tweets) to my own account.

Since it was very easy and convenient to do this with the so called basic authentication, I used/modified the simple script provided by Fabien Potencier.

NOW, BASIC AUTH IS GONE!! (Correction: See Update below)

It was long announced, but since September 1st, they really switched it off and this method does not work anymore because now there is only OAuth.

The “strange” (and more secure) thing about OAuth is, that you allow an application to do something with your twitter account, but you do not give out your credentials to the application, you just grant permissions. In most cases, when you are browsing the web, this makes sense if a third party application wants to do something with your account. But in my case, there is just ME, MY TWITTER ACCOUNT and MY PHP SCRIPT that want to communicate, not a bunch of different users.

So: What do I have to do to make it work again?

Step 1: Officially set up your application in Twitter Apps

On you can and have to define your application with a name, some details and a callback URL. Details on this one later.

Step 2: Get and configure the TwitterOAuth PHP Package

On Github, one of the Twitter developers maintains a package for PHP. Download/git-clone it to your web server. You need to adjust the config.php file in this package with the Consumer Key and Consumer Secret of your newly created twitter application (found int the app details section)

Step 3: Allow authentication from your twitter application to your twitter account

Now that you have the twitteroauth pack on your webserver, you should be able to access it and see the default page with a “Sign in with Twitter” button. If you do this, you will be redirected to a screen you might have seen with other third party applicatios before. Only, this time, it’s yours:

In this case, I want to connect with my @managerator to the application “managerator”, might be a bit confusing. (And please excuse me for using a German UI 😉 )

If you grant access successfully, you can check this in you Twitter account’s Connection details on

Step 4: Use the connection

Now that we have connected application and account, how can we send a tweet from the application to the account?

Check the “index.php” file in the twitteroauth package and you will see, that it loads/requires the necessary php files and afterwards does some API calls on the $connection. And, using a browser, this works. Of course, only if your browser is athenticated on twitter already (and of course with the account that granted access to the application).

Now, in my case I want to use the command line php (like a cron-job) to send messages. And of course, PHP is not authenticated on twitter. Thus, a simple call to “php index.php” on the command line will fail.

So, how do we get around this??

Step 5: Store the access_token

When you look again at the index.php, you will see

/* Get user access tokens out of the session. */
$access_token = $_SESSION[‘access_token’];

This access token is an associative array that contains all the things you need for further authentication – coming from your current browser session

So, simply var_dumping the access_token from your browser session and pasting the details into your code like this

/* Get user access tokens out of the session. */
//$access_token = $_SESSION[‘access_token’];
“oauth_token_secret”=> “***************************************”,
“user_id”=> “************”,
“screen_name”=> “managerator”,

Will make your code callable from the command line.

Note: user_id and screen_name is not used, it’s just part of the token


This was a quick hack of my way to get the auto-updated management bullshit tweets working again for @managerator. It’s not very nice, but it works for the time being.

And I hope it helps you, too!

Comments appreciated!!

Update Sept 14th:

Basic Auth is only gone for everbody else but own twitter apps.

As I read on this article you can circumvent OAuth and still use basic auth by adding “?source=twitterandroid” to your API URLs… That’s lame, Twitter!!!

Just tested and verified it, as of today, Sept 14th.

Leave a Reply