@chrislewis
Last active August 29, 2015 14:04
<?php
/*
* This is a simple example of using PHP's OAuth extension to fetch a valid
* token for a given member. The process is a typical OAuth 1.0a flow, which
* includes requesting a member's authorization to act on her behalf and then
* fetching the actual token once authorized. This token can then be stored
* and used to make API calls on the member's behalf. For an example of making
* such a call once you have retrieved an authorized token, see:
*
* https://gist.github.com/chrislewis/4465cd864c8f35a71cfd
*
* chrisl@meetup.com
*/
/** This script is used to request access from the member as well as receive her
response. Facilitating these transitions requires remembering bits of data
as she is directed away from and then back to this script. We'll use the
session to store this data, so we need to make sure a session is active. */
session_start();
/** Your oauth consumer key and secret, as created by meetup when you register
a new consumer.
See: https://secure.meetup.com/meetup_api/oauth_consumers/ */
$consumer_key = 'YOUR_CONSUMER_KEY';       // placeholder: replace with your key
$consumer_secret = 'YOUR_CONSUMER_SECRET'; // placeholder: replace with your secret
/** See http://www.meetup.com/meetup_api/auth/#oauth for complete details, but
the flow for retrieving an authorized token is as follows:
1) Tell Meetup we want to request authorization from a user.
2) Meetup responds to #1 with an unauthorized token; now we must ask the
member for permission to use it on her behalf.
3) Redirect the member to an authorization page hosted by Meetup. This
allows her to grant or revoke the requested privilege to the token.
4) Receive the response by having Meetup redirect the member to a specified
callback URL, which will also include a verification token (the so-called
"oauth_verifier") only if the member authorized the token.
5) With the unauthorized token created in #1 and the verification token
created in #4, we can finally have Meetup create a complete OAuth token
and use it to make API calls on the member's behalf. */
/** The URL that we use to tell Meetup that we'd like to generate an OAuth
token. Note that we include "scope=messaging" so that the member will
authorize us to use the messaging API on her behalf. There are several
scopes we can use; see http://www.meetup.com/meetup_api/auth/#oauth2-scopes
for complete details. */
$request_url = 'https://api.meetup.com/oauth/request?scope=messaging';
/** The callback URL. This must be the URL of this script and must be reachable
by the member's user agent (unless you are testing internally, this will
need to be on a publicly reachable site). This URL should also match the
"Redirect URI" you specified when creating your consumer, or at least share
the same base URL. */
$callback_url = 'YOUR_CALLBACK_URL'; // placeholder: replace with this script's URL
/** The URLs for requesting authorization from the member and for requesting the
token once authorized. These are specified in the Meetup OAuth documentation:
http://www.meetup.com/meetup_api/auth/#oauth */
$authorize_url = 'http://www.meetup.com/authorize';
$access_url = 'https://api.meetup.com/oauth/access';
/** Construct an OAuth client using your consumer key and secret. Note that this
uses PHP's OAuth extension; refer to its documentation for details:
http://php.net/manual/en/book.oauth.php. */
$oauth = new OAuth($consumer_key, $consumer_secret);
if (! isset($_GET['oauth_verifier'])) {
    /* If this script was not requested with an 'oauth_verifier' token, then
       we're at the beginning of the OAuth flow and must start by generating a
       token request. */
    $token_info = $oauth->getRequestToken($request_url, $callback_url);
    /* Store the secret as we'll need it to fetch the authorized token, if and
       when the member allows it. */
    $_SESSION['secret'] = $token_info['oauth_token_secret'];
    /* Redirect the member's browser to the token authorization page. This
       helps to ensure that the member is in control of granting or revoking
       API access to us on her behalf. The token is URL-encoded because it is
       placed in a query string. */
    header('Location: ' . $authorize_url . '/?oauth_token=' . rawurlencode($token_info['oauth_token']));
    /* Exit immediately as we're redirecting the member. This also ensures that
       the session cookie is sent which preserves our session for when the member
       returns (and when that happens we'll need the "secret" that we stored). */
    exit(0);
} else {
    /* Home stretch! We have an 'oauth_verifier' parameter which should mean that
       the member has granted us permission. Yay! Now we must use the secret we
       stored in the session along with the verification token we just received
       (as the value of the 'oauth_verifier' parameter) to authorize our token.
       The 'secret' is a way of securely tying the unauthorized token to the
       verification token, which represents the member granting us authority and
       ultimately authorizes our previously unauthorized token. */
    if (! isset($_SESSION['secret'], $_GET['oauth_token'])) {
        /* Without the stored secret (expired or missing session) or the token
           in the callback we cannot complete the exchange, so stop here. */
        http_response_code(400);
        exit('Missing OAuth session state.');
    }
    $oauth->setToken($_GET['oauth_token'], $_SESSION['secret']);
    $token_info = $oauth->getAccessToken($access_url, '', $_GET['oauth_verifier']);
    /* We should finally have our authorized oauth token and secret which we can
       store and use to make authorized API calls on behalf of the authorizing
       member. The token and its secret are available as values in the $token_info
       associative array as $token_info['oauth_token'] and
       $token_info['oauth_token_secret'], respectively. For an example of using
       these values, see:
       https://gist.github.com/chrislewis/4465cd864c8f35a71cfd. */
}
?>
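
The script's final comment says the stored secret ties the unauthorized token to the verifier. The following added example (not part of the original gist, and not the OAuth extension's own code) shows why: it builds the RFC 5849 HMAC-SHA1 signature for the access-token request by hand. The helper names, the POST method and all credential values are assumptions constructed for illustration.

```php
<?php
/** Percent-encode per RFC 3986, as OAuth 1.0a requires. */
function oauth_encode(string $value): string {
    return rawurlencode($value);
}

/** Signature base string: METHOD & encoded URL & encoded, sorted parameters. */
function signature_base_string(string $method, string $url, array $params): string {
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [oauth_encode($name), oauth_encode($value)];
    }
    // Sort by encoded name, then by encoded value (byte-wise).
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode($normalized);
}

/** The HMAC key is "consumer_secret&token_secret", each part percent-encoded. */
function sign(string $base, string $consumer_secret, string $token_secret): string {
    $key = oauth_encode($consumer_secret) . '&' . oauth_encode($token_secret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed sample values; none of these are real credentials.
$params = [
    'oauth_consumer_key'     => 'sample-consumer-key',
    'oauth_token'            => 'sample-request-token', // arrives in the callback URL
    'oauth_verifier'         => 'sample-verifier',      // arrives in the callback URL
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1400000000',
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_version'          => '1.0',
];
// POST is assumed here as the request method.
$base = signature_base_string('POST', 'https://api.meetup.com/oauth/access', $params);

// Signed with the request-token secret that the script kept in the session.
$with_secret = sign($base, 'sample-consumer-secret', 'sample-request-secret');
// Signed from the callback URL values alone, without the session secret.
$without_secret = sign($base, 'sample-consumer-secret', '');

echo $base, "\n";
echo "with session secret:    $with_secret\n";
echo "without session secret: $without_secret\n";
echo hash_equals($with_secret, $without_secret) ? "signatures match\n" : "signatures differ\n";
```

The token and verifier both travel through the member's browser, but the token secret never does, so only the session that started the flow can produce a signature the server will accept.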