How to Integrate Twitter OAuth 2.0 in PHP + Direct Messages

To integrate Twitter OAuth 2.0 in PHP and access direct messages (DMs), you'll need to follow these steps:

Authenticate with Twitter:
Conceal the code value within a hidden input field

    // @post method 
    public function twitterOAuth(Request $request)
        if($request->code) {
            // #2 get access token by the authorization code  
            $this->getAccessToken($request->code);
        }else{
            // #1 if there's no authorization code
            return $this->getAuthorizationCode();
        }
    }

Please ensure you've thoroughly reviewed your complete callback_uri within your Twitter developer portal.

getAuthorizationCode

 public function getAuthorizationCode() {
        $authorize_url = "https://twitter.com/i/oauth2/authorize";
        $callback_uri =config('twitter.callback_uri');
        $client_id = config('twitter.client_id');
        $client_secret = config('twitter.client_secret');
        $str = (pack('H*', hash("sha256", config('twitter.code_challenge'))));
        $code_challenge = rtrim(strtr(base64_encode($str), '+/', '-_'), '=');

        $authorization_redirect_url = $authorize_url . "?response_type=code&client_id=" . $client_id . "&redirect_uri=" . $callback_uri . "&scope=tweet.read%20users.read%20follows.read%20dm.read%20dm.write%20offline.access&state=state&code_challenge=".$code_challenge."&code_challenge_method=plain";
        return redirect()->to($authorization_redirect_url);
    }

getAccessToken

    public function getAccessToken($authorization_code) {
        $token_url = "https://api.twitter.com/2/oauth2/token";
        $callback_uri =config('twitter.callback_uri');
        $client_id = config('twitter.client_id');
        $client_secret = config('twitter.client_secret');
        $str = (pack('H*', hash("sha256", config('twitter.code_challenge'))));
        $code_verifier = rtrim(strtr(base64_encode($str), '+/', '-_'), '=');


        $authorization = base64_encode("$client_id:$client_secret");
        $header = array("Authorization: Basic {$authorization}","Content-Type: application/x-www-form-urlencoded");
        $content = "grant_type=authorization_code&code=$authorization_code&client_id=$client_id&code_verifier=$code_verifier&redirect_uri=$callback_uri";

        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => $token_url,
            CURLOPT_HTTPHEADER => $header,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $content
        ));
        $response = curl_exec($curl);
        curl_close($curl);

        if ($response === false) {
            //save error  and redirect
            $twitterError = curl_error($curl);;
            return redirect()->route('mailboxes.twitter.settings');

        } elseif (isset(json_decode($response)->error)) {
            //save error  and redirect
            $twitterError = $response
            return redirect()->route('mailboxes.twitter.settings');
        }
        else{
            //save access_token & refresh_token
            $TwitterAccessToken = json_decode($response)->access_token
            $TwitterRefreshToken = json_decode($response)->refresh_token
            return redirect()->route('mailboxes.twitter.settings');
         }

Get Direct Messages (DMs):
Use the access_token to gain access to protected Direct Messages

function getDms(){
    $dm_events_url= "https://api.twitter.com/2/dm_events?dm_event.fields=id,text,event_type,dm_conversation_id,created_at,sender_id&user.fields=created_at,description,id,location,name";
    $header = array("Authorization: Bearer {$TwitterAccessToken}");

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => $dm_events_url,
        CURLOPT_HTTPHEADER => $header,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_RETURNTRANSFER => true
    ));
    $response = curl_exec($curl);
    curl_close($curl);

    return json_decode($response, true);
}

Refresh an Access Token Using a Refresh Token
Some OAuth grant types return a refresh_token along with an access_token. Refresh tokens have a much longer expiration time than access_tokens and as such can be used to obtain a new access_token when the current one expires.

$token_url = "https://api.twitter.com/2/oauth2/token";
         $authorization = base64_encode("$client_id:$client_secret");
         $header = array("Authorization: Basic {$authorization}","Content-Type: application/x-www-form-urlencoded");
         $content = "grant_type=refresh_token&client_id=$client_id&refresh_token=".$TwitterRefreshToken;

         $curl = curl_init();
         curl_setopt_array($curl, array(
             CURLOPT_URL => $token_url,
             CURLOPT_HTTPHEADER => $header,
             CURLOPT_SSL_VERIFYPEER => false,
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_POST => true,
             CURLOPT_POSTFIELDS => $content
         ));
         $response = curl_exec($curl);
         curl_close($curl);

 if ($response === false) {
            //save error  
            $twitterError = curl_error($curl);;


        } elseif (isset(json_decode($response)->error)) {
            //save error  
            $twitterError = $response

        }
        else{
            //save access_token & refresh_token
            $TwitterAccessToken = json_decode($response)->access_token
            $TwitterRefreshToken = json_decode($response)->refresh_token
         }

This pertains to the integration of Twitter OAuth 2.0 using PHP. I trust that you grasp the concept and can seamlessly incorporate it into your project. Please feel free to share your thoughts and suggestions in the comments section below