OAuth1ApplicationAbstract

Overview

OAuth1ApplicationAbstract is the base class for applications using OAuth 1.0a authentication. OAuth1 is an older authorization protocol that is still in use (e.g., by the Twitter API). It is more complex than OAuth2, requiring request signing and a three-step authorization flow.

Purpose:

  • Handle OAuth1 authorization flow
  • Manage consumer keys and request signing
  • Store access tokens for authenticated requests

File location: orchesty-php-sdk/src/Authorization/Base/OAuth1/OAuth1ApplicationAbstract.php

Note: OAuth1 is unique to the PHP SDK (it is not available in the Node.js SDK).

Class Hierarchy

ApplicationAbstract
  └── OAuth1ApplicationAbstract

Implements: OAuth1ApplicationInterface, ApplicationInterface

Abstract Methods

getTokenUrl()

abstract protected function getTokenUrl(): string

Returns the request token endpoint URL.

Returns: string - Request token URL

getAuthorizeUrl()

abstract protected function getAuthorizeUrl(): string

Returns the authorization endpoint URL where users grant access.

Returns: string - Authorization URL

getAccessTokenUrl()

abstract protected function getAccessTokenUrl(): string

Returns the access token endpoint URL.

Returns: string - Access token URL

Standard Methods

You must also implement:

  • getName(), getPublicName(), getDescription(), getFormStack(), getRequestDto()

OAuth1 Flow

  1. Request Token: Get temporary request token from provider
  2. User Authorization: Redirect user to authorize with request token
  3. Access Token: Exchange authorized request token for access token
  4. Signed Requests: Use access token to sign API requests
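
Step 4 of the flow above, as an added example (not code from the Orchesty SDK): how an OAuth 1.0a client derives the HMAC-SHA1 signature and Authorization header per RFC 5849. The function name, its parameters and the sample values are hypothetical.

```php
<?php declare(strict_types=1);

// Added illustration of RFC 5849 section 3.4 (HMAC-SHA1); all names are hypothetical.
// Assumes $baseUrl is scheme://host/path without a query string and that
// $params holds the request's query/form parameters (no duplicate names).
function oauth1AuthorizationHeader(
    string $method,
    string $baseUrl,
    array $params,
    string $consumerKey,
    string $consumerSecret,
    string $token,
    string $tokenSecret
): string {
    $oauth = [
        'oauth_consumer_key'     => $consumerKey,
        'oauth_nonce'            => bin2hex(random_bytes(16)), // unique per request
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_token'            => $token,
        'oauth_version'          => '1.0',
    ];

    // 1. Percent-encode every name and value (RFC 3986), then sort by byte value
    $pairs = [];
    foreach ($params + $oauth as $k => $v) {
        $pairs[] = [rawurlencode((string) $k), rawurlencode((string) $v)];
    }
    usort($pairs, static fn(array $a, array $b): int => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(static fn(array $p): string => $p[0] . '=' . $p[1], $pairs));

    // 2. Signature base string: METHOD & encoded URL & encoded parameter string
    $base = strtoupper($method) . '&' . rawurlencode($baseUrl) . '&' . rawurlencode($normalized);

    // 3. Signing key is built from both secrets; the secrets themselves are never sent
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));

    // 4. Only the oauth_* parameters go into the Authorization header
    $parts = [];
    foreach ($oauth as $k => $v) {
        $parts[] = rawurlencode($k) . '="' . rawurlencode($v) . '"';
    }
    return 'OAuth ' . implode(', ', $parts);
}

// Constructed sample values, not real credentials or a real endpoint
echo oauth1AuthorizationHeader('POST', 'https://api.example.com/1.1/statuses/update.json',
    ['status' => 'Hello world'], 'ck-sample', 'cs-sample', 'tok-sample', 'ts-sample'), PHP_EOL;
```

A server verifying such a request recomputes the signature from the same inputs, compares it with hash_equals(), and rejects reused nonces or stale timestamps.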

Usage Example

<?php declare(strict_types=1);

namespace YourApp\Application;

use Hanaboso\CommonsBundle\Process\ProcessDtoAbstract;
use Hanaboso\CommonsBundle\Transport\Curl\Dto\RequestDto;
use Hanaboso\PipesPhpSdk\Application\Base\ApplicationInterface;
use Hanaboso\PipesPhpSdk\Application\Document\ApplicationInstall;
use Hanaboso\PipesPhpSdk\Application\Model\Form\Field;
use Hanaboso\PipesPhpSdk\Application\Model\Form\Form;
use Hanaboso\PipesPhpSdk\Application\Model\Form\FormStack;
use Hanaboso\PipesPhpSdk\Authorization\Base\OAuth1\OAuth1ApplicationAbstract;

final class TwitterApplication extends OAuth1ApplicationAbstract
{
    public function getName(): string
    {
        return 'twitter';
    }

    public function getPublicName(): string
    {
        return 'Twitter';
    }

    public function getDescription(): string
    {
        return 'Social media platform API';
    }

    protected function getTokenUrl(): string
    {
        return 'https://api.twitter.com/oauth/request_token';
    }

    protected function getAuthorizeUrl(): string
    {
        return 'https://api.twitter.com/oauth/authorize';
    }

    protected function getAccessTokenUrl(): string
    {
        return 'https://api.twitter.com/oauth/access_token';
    }

    public function getFormStack(): FormStack
    {
        $form = new Form(ApplicationInterface::AUTHORIZATION_FORM, 'OAuth1 Credentials');
        $form
            ->addField(new Field(Field::TEXT, 'consumer_key', 'API Key', null, true))
            ->addField(new Field(Field::PASSWORD, 'consumer_secret', 'API Secret', null, true));

        $formStack = new FormStack();
        return $formStack->addForm($form);
    }

    public function getRequestDto(
        ProcessDtoAbstract $dto,
        ApplicationInstall $applicationInstall,
        string $method,
        ?string $url = null,
        ?string $data = null
    ): RequestDto
    {
        // OAuth1 provider handles request signing automatically
        $settings = $applicationInstall->getSettings();
        $token = $settings[ApplicationInterface::AUTHORIZATION_FORM][ApplicationInterface::TOKEN] ?? [];

        $request = new RequestDto($this->getUri($url), $method, $dto);
        // OAuth1Provider adds Authorization header with signature

        if ($data) {
            $request->setBody($data);
        }

        return $request;
    }
}

See Also

Note: OAuth1 is less common today. Most modern APIs use OAuth2 or API keys. Use this only for legacy services or APIs that specifically require OAuth1.
