This post is going to describe how I've ending up designing, what I consider to be a fairly RESTful web API. I'm far from being an expert, and this is definitely the closest thing to a RESTful API that I've ever created, so I'm not even experienced with REST APIs. [...] Until about 6 months ago, I'd always been sceptical of creating RESTful APIs, but I think I've had a few pennies drop since then that have made me fairly confident that I grasp the basics pretty well.

He touches on topics like: authentication, the Richardson Maturity model, HTTP verbs, sample request and response messages and some BDD-style tests to predict the output of a basic request.

On December 21, 2011 Stefan Koopmanschap wrote an excellent article on this blog titled "Painless (well, less painful) migration to Symfony2." [...] We were very much inspired by his passionate elucidation and we were fully convinced of the urge to start migrating to Symfony2 as soon as possible. However, he also provided us with a "A word of caution" about 2 things: performance and authentication/authorization. This might get some people worried, but not us: it challenged us to find a solution for those two open issues.

They explain why these two things are a problem and some of their solutions they've created - a .htaccess for routing and manually replicating the Symfony2 session in the Symfony1 code. Included in the post are the rewrite rules and code to make these two things happen (and a small configuration change to make them work).

In my previous article Android Login and Registration Screen Design i explained designing the login and registration interfaces, but it has no functionality. In this tutorial i am explaining how to build complete login and registration system in android using PHP, MySQL and SQLite. Also this tutorial covers how to build simple API using PHP and MySQL.

The tutorial walks you through each step of the process:

• Creating MySQL Database and Tables
• Building PHP API Classes
• Starting Android Project
• Making the JSON Parser, SQLite Database Handler and User Functions Classes
• Designing the Screens
• Switching between Activities
• Finally Updating AndroidManifest.xml

If you want to get started quickly, you can just download the final result and go.

Here you can find the related articles to my Cakephp videos if you would prefer to read them rather than watch. You will can also download all of the source code for the corresponding videos. [...] They only include the app folder, as we'll never change anything in the other folders, at least not in these tutorials.

The videos currently cover installation of the framework and some of the naming conventions to follow. The source has the full authentication system, though - all the way from setting up helper methods to creating the actual authentication component.

Welcome back to Understanding OAuth - Tweeting from Scratch. This is Part 2 of the two-part series and picks up right where we left off in Part 1 with your returned Access Credentials. Since obtaining the credentials is the grueling part of the process, there's not much more left to do except posting a tweet on the user's behalf. Hopefully you'll find the final steps to be a lot easier to follow and more fun to implement.

They show you how to store the credentials from Part 1 into your session for safe keeping and include a simple form you will use to send a tweet to Twitter. They choose to manually build the HTTP POST request, including the credential headers along with the payload (oauth_consumer_key, oauth_signature, oauth_token, etc).

I have been working on a long needed update to the Google analytics dashboard plugin for WordPress and one of the items I had on my TODO list was using Google's OAuth login instead of the old ClientLogin. Setting OAuth up for a WordPress plugin is complicated because it isn't a hosted application and as such I can't register it to get OAuth keys. That is where a special way of doing OAuth comes in called OAuth for installed apps.

He uses this OAuth library to handle the "dirty work" of the connections. With that included in the application, he shows how to - in two phases - make an authentication system that direct the user to a Google link for completing the authentication process. He points to the Google OAuth docs and playground as good resources to help you during the process.

Warden is a user database authorization package for the FuelPHP framework that aims to fast track development by handling the work load of uthenticating user's. Built for performance, it comes with a ready-to-use user model and database install script.

The package uses bcrypt for password hashing and also provides features for forgotten passwords, password resets and "remember me" functionality. Installation is as simple as adding it to your "always_load" package list and setting up a few configuration options. Sample code for its features is included. You can get the latest version directly from github.

For those not acquainted with Silex: Silex is a PHP microframework for PHP 5.3 A microframework provides the guts for building simple single-file apps. It's awesome. For the example, I've setup a virtual host of example.local on my development machine.

He includes the contents of the .htaccess you'll need to get the rewrite to work for Silex, a link to the OAuth extension you'll need to install for PHP and the code to make the login and auth routes. You'll need to create a Twitter application for your site to get the OAuth secret key to make the authentication work. You can see the complete code here.

sfGuardPlugin is pretty awesome. It allows a symfony developer the ability to quickly implement a user login and access control system. However, there is an issue with respect to telling the plugin whether to use the username or the email column for validating user submitted input. After some Googling I found a few sites which forced sfGuardPlugin to use email rather than username, but only after quite a bit of work. What I am going to show will accomplish the same end goal, but with minor changes.

He starts with a look at the validator class, showing how the values are going to be passed to the backend. The plugin makes a call to a "retrieveByUsername" method to get the user's information, but his method overrides this...sort of. His method actually contains the query to fetch the user information by email instead. This is useful if you want to use the email address as a username for the site but still want to maintain data integrity on the user records (valid emails can then be used for auth and for sending messages).

Please help us create the definitive resource for this topic. We believe that stackoverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form Based Authentication For Websites" should be a fine topic for such an experiment.

They want to include topics like logins, storing passwords, "forgot password" security, OpenID, browser autocompletion, password strength, email validation and more. They already laid out eight different sections with summaries including:

• How To Remain Logged In - The Infamous "Remember Me" Checkbox
• Using Secret Questions
• Checking Password Strength
• Much More - Or: Preventing Rapid-Fire Login Attempts
• Two-Factor Authentication and Authentication Providers

There's some good feedback from other users with other suggestions and links to external resources that could shed some more light on the topic.