OAuth is implemented either as a three-legged or as a two-legged OAuth server. The main difference is that two-legged authentication does not involve another user. For example, if you want to access your Twitter account's information, you would use the three-legged server. So let's focus on the three-legged variety, since it is the one more widely used in practice.
We use OAuth-php; the library is hosted on Google Code, but it can still be installed using Composer. For details, check out the composer.json file in the code that accompanies this article, available on GitHub.
According to the OAuth 2.0 framework:
- The consumer requests a token from the server
- The consumer then directs the user to a login page, passing the token along
- The user logs in and is redirected back to the consumer with an access token
- The consumer takes the access token and requests the OAuth token to use with future secure requests
- The OAuth token is retrieved, and the developer can now make secure requests by passing the token for validation
Note: make sure to install Composer
If you look through the tables, you'll see that the oauth_server_registry table contains a field called osr_usa_id_ref. It assumes you already have a users table that it can be linked to. If you do, great! If not, here is some basic SQL to create a standard users table.
Create OAuth server
I've placed it in the separate file include/common.php.
Change the require_once '../vendor/autoload.php' line to match the location of your vendor directory.
The additional HTTP header added in this file informs the client that this is an OAuth server.
Notice: it references services.xrds.php.
This file comes with the OAuth-php library. Copy it from example/server/www/services.xrds.php to the public root directory of the web server.
The setup of the OAuth server is now complete and the server is ready to use!
Registration
We need to create a registration form with the two fields the library requires: requester_name and requester_email.
The library assumes that we have existing users who want to consume our server. In the following code, I create a new user in the users table, retrieve its ID, and pass it to the updateConsumer() method, which creates (or updates) the consumer key and secret for this user.
Once registration is complete, the user's consumer key and consumer secret are generated; these should be saved for future use.
The user is now registered and can begin making requests for an access token!
Generate a request token
After a user is registered, they should perform an OAuth request to your request_token.php file. This file is not complex.
The requestToken() method validates the consumer's key and signature.
Exchanging request token for an access token
Once a request token has been created, the client should be redirected to your login page. This page should expect the following URL parameters: oauth_token and oauth_callback.
The login page should look up the user in the users table. Once found, the user ID is passed (along with the oauth_token) to the authorizeVerify() method provided by the library. Assuming the user has approved the application, the ID of the logged-in user is then associated with the consumer's key, allowing the consumer to access this user's data.
After the user logs in, they will be redirected to the consuming developer's website with a valid token.
The access_token.php file looks like this:
Validating a request
The OAuth server is now running, but we still need to verify that an incoming request carries a valid OAuth signature.
The first part of the above code is configuration information that should be updated to match your setup. The user ID, consumer key and consumer secret are all generated during the registration process on the server.
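The five-step flow listed near the top of the article and the signature check described in this section share one piece of mechanics: the HMAC-SHA1 signature over the request. The following is an added example written for this article, not code from the OAuth-php library or from its author. It shows how a consumer signs a request_token.php call and how a server verifies such a signature, including the timestamp window, the nonce replay check and the constant-time comparison a verifier should have. All keys, secrets, hosts and timestamps are constructed values, and the in-memory nonce array is an assumption standing in for the nonce table a real server keeps.

```php
<?php
// Added example for this article (not code from the OAuth-php library or its author):
// a minimal OAuth 1.0a HMAC-SHA1 signer and verifier. The consumer uses the signer
// for the request_token.php call; the server uses the verifier on test_request.php.
// All keys, secrets, hosts and timestamps below are constructed values. PHP 7.4+ assumed.

declare(strict_types=1);

// Percent-encode as RFC 5849 section 3.6 requires; rawurlencode() leaves A-Za-z0-9-._~ alone.
function oauth_encode(string $s): string
{
    return rawurlencode($s);
}

// Signature base string: METHOD & encoded base URL & encoded, sorted "key=value" pairs.
function oauth_base_string(string $method, string $url, array $params): string
{
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? 'http');
    $host   = strtolower($parts['host'] ?? '');
    $port   = $parts['port'] ?? null;
    $base   = $scheme . '://' . $host;
    if ($port !== null && !($scheme === 'http' && $port === 80) && !($scheme === 'https' && $port === 443)) {
        $base .= ':' . $port;            // default ports are omitted from the base URL
    }
    $base .= $parts['path'] ?? '/';
    if (isset($parts['query'])) {        // query-string parameters are signed like any other
        parse_str($parts['query'], $fromQuery);
        $params = array_merge($fromQuery, $params);
    }
    unset($params['oauth_signature']);   // the signature is never part of its own input
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = [oauth_encode((string) $k), oauth_encode((string) $v)];
    }
    // Sort by encoded key, then by encoded value, byte-wise.
    usort($pairs, fn(array $a, array $b): int => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn(array $p): string => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . oauth_encode($base) . '&' . oauth_encode($normalized);
}

// HMAC-SHA1 over the base string; the key is "consumer_secret&token_secret"
// (the token secret is empty on the request-token call because no token exists yet).
function oauth_sign(string $baseString, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = oauth_encode($consumerSecret) . '&' . oauth_encode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

// Server-side check. $seenNonces stands in for the nonce table a real server keeps
// (a plain array here, an assumption made for the example). Returns null when the
// request is accepted, otherwise a short reason string suitable for a log line.
function oauth_verify(
    string $method, string $url, array $params, string $consumerSecret, string $tokenSecret,
    array &$seenNonces, int $now, int $maxSkew = 300
): ?string {
    foreach (['oauth_consumer_key', 'oauth_nonce', 'oauth_timestamp',
              'oauth_signature_method', 'oauth_signature'] as $required) {
        if (!isset($params[$required])) {
            return "missing $required";
        }
    }
    if ($params['oauth_signature_method'] !== 'HMAC-SHA1') {
        return 'unsupported signature method';
    }
    // Replay window: reject requests whose timestamp is too old or too far in the future.
    if (abs($now - (int) $params['oauth_timestamp']) > $maxSkew) {
        return 'timestamp outside window';
    }
    // Nonces must be unique per consumer key within the window; a repeat is a replay.
    $nonceKey = $params['oauth_consumer_key'] . ':' . $params['oauth_nonce'];
    if (isset($seenNonces[$nonceKey])) {
        return 'nonce replayed';
    }
    $expected = oauth_sign(oauth_base_string($method, $url, $params), $consumerSecret, $tokenSecret);
    // Constant-time comparison so response timing does not reveal how much of the signature matched.
    if (!hash_equals($expected, (string) $params['oauth_signature'])) {
        return 'bad signature';
    }
    $seenNonces[$nonceKey] = $now;       // record the nonce only once the request is accepted
    return null;
}

// Worked run: the consumer signs a request-token call, the server checks it three times.
$consumerSecret = 'cs_constructed_secret';
$now            = 1700000000;
$url            = 'https://oauth.example.test/request_token.php';
$params = [
    'oauth_consumer_key'     => 'ck_constructed_key',
    'oauth_nonce'            => bin2hex(random_bytes(8)),
    'oauth_timestamp'        => (string) $now,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_version'          => '1.0',
    'oauth_callback'         => 'https://consumer.example.test/callback',
];
$params['oauth_signature'] = oauth_sign(oauth_base_string('POST', $url, $params), $consumerSecret);

$seen = [];
var_dump(oauth_verify('POST', $url, $params, $consumerSecret, '', $seen, $now));   // fresh request
var_dump(oauth_verify('POST', $url, $params, $consumerSecret, '', $seen, $now));   // same nonce again
$altered = $params;
$altered['oauth_nonce']    = bin2hex(random_bytes(8));
$altered['oauth_callback'] = 'https://other.example.test/callback';                // changed after signing
var_dump(oauth_verify('POST', $url, $altered, $consumerSecret, '', $seen, $now));
```

The three calls at the end exercise the three outcomes a server should log differently: a freshly signed request is accepted, the identical request presented a second time is rejected as a nonce replay, and a request whose oauth_callback was changed after signing is rejected because the signature no longer matches. On a real server the consumer secret and token secret come from the registry populated by updateConsumer() and access_token.php rather than from literals, and the nonce record belongs in a table with an expiry equal to the timestamp window.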
Summary
- Ask for a request token (via the request_token.php file) with the consumer key
- Upon receiving the token, redirect the user to the login page, passing the token and callback URL as URL parameters
- Once the user is logged in, they are redirected back to the above test page. The test page takes the token and asks for an access token (via the access_token.php file)
- Upon success, the necessary OAuth information is returned and the test file performs a secure request to test_request.php
- If all goes well, a basic “Hello 1” will be displayed