Lorna Mitchell has posted the latest in her look at OAuth in PHP to her blog today, an introduction to access tokens - generating and handling them in your application.

I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. [...] This entry follows on from the ones about the initial requirements, how to how to handle request tokens, and authenticating users.

In this latest post, she talks about the three different types of tokens - consumer, request and verififier - and how to use them to locate a user in your app's users. Her code validates the request token and verifier against the database and, if successful, inserts the rest of the token information for the user.

In a new blog post Matthew Weier O'Phinney has taken a look at proxy objects (the Proxy design pattern) and how it differs from some of the other popular patterns.

Of the other patterns mentioned, the one closest to the Proxy is the Decorator. In the case of a Decorator, the focus is on adding functionality to an existing object -- for instance, adding methods, processing input before delegating to the target object, or filtering the return of a method from a target object.

Proxies stand in for objects and have several benefits for your application that may or may not need all of the overhead a full object could cause. Matthew focuses on one benefit in particular - consuming and controlling access to another object. He sets up a problem of wanting to use properties/methods on objects that aren't exposed directly (like a protected method). His solution is a proxy layer class on top of the original object. He includes a few "gotchas" to look out for when using this technique including overwriting all necessary methods and copying over all of the needed properties.

New on PHPBuilder.com there's a tutorial from Leidago Noabeb about using the PDO functionality that comes installed on many PHP platforms out there to access just about any database you might need to work work. This includes technology like MySQL, DB2, SQLite and PostgreSQL.

PHP Data Objects, or "PDO" as it is commonly known, is a lightweight database abstraction layer that is arguably the best, at least in terms of speed. A great deal of this speed is owing to the fact that the PDO extension was compiled with C/C++. The extension became available in PHP5, and as with any other database abstraction layer, its aim is to provide a uniform interface to access a variety of databases. This is also a way for developers to create portable code for a variety of platforms.

The tutorial shows you how to find the enabled PDO connection types for your installation (and where to go if you have access to turn more on or off). They show an example connection - in this case, to a MySQL database - and how to run a query or two using this new resource.

Lorna Mitchell has posted three different ways you can use to get access to a namespaced class in a PHP 5.3 application, all useful depending on where you are in the application and your needs.

After what felt like years of debate over the notation to use for PHP's namespaces, it seems like the feature itself has had relatively little use or attention since it was actually implemented in PHP 5.3. We're all used to working without it but using it does make code neater.

Her three options are:

• Refer Namespace and Class Name
• Import the Namespace
• Alias the Namespace and/or Class

You can find out more about namespaces in PHP applications on the PHP manual.

On the Stubbles blog today there's a new post from Frank Kleine showing how you can use a new feature of PHP 5.3 to perform dependency injection on static method - calling static methods with dynamic class names.

Developers who are familiar with the topic of clean code know that static methods are a problem, especially if it comes to testability. Static makes the code global, and if there is some kind of state involved it is even more a problem because this is global state then - both a maintenance and testability nightmare. [...] How can we keep our code clean and testable, at best without having a strongly coupled dependency to the class hosting the static method? Enter dependency injection for static methods.

He gives an example of how to use this to create a simple class that can change the name of the object an inner static function call is made to.

Lorna Mitchell has posted about her experiences with getting OAuth working with her PHP application by way of the PECL package that adds support into PHP.

I've been looking into OAuth recently and really like what I see, so I started looking at actually starting to play with something that uses it (and isn't twitter). In the pursuit of this, I spent some time walking through the process of how to actually authenticate using OAuth, as a client.

She briefly touches on the consumer key and secret and how those are passed along with the OAuth object creation to grab a request token, complete with details on setting a callback. She also mentions how to grab an access token - a piece of information you include in your API calls to let the remote service know who you are. All of her examples are using Yahoo! OAuth services.

Kevin Schroeder has posted excerpts from the sixth and seventh chapters from his "You Want To Do WHAT With PHP?" book.

Chapter 6 focuses on asynchronous processing and the excerpt talks about doing it with a little big of encryption on the side.

In the excerpt from Chapter 7 he looks at a more structured way to access files rather than just the random fopen or file_get_contents. There's a code example in this one showing how to get the header information off of a file for things like file type, last modified time, a header checksum and the file's permissions.

Brian Swan has a new post to his blog today about consuming protected feeds of OData coming from SQL Azure in a PHP application.

I did write a post a few weeks ago that described how to enable anonymous access to SQL Azure OData feeds (Consuming SQL Azure Data with the OData SDK for PHP), but I had a few things to learn about AppFabric access control before I felt comfortable writing about authenticated access to these feeds.

He starts from the Azure side, creating a sample OData feed and adding permissions to only allow access to a specific (database) user for the feed. You'll use a set of data to connect to the feed - a username, a secret key, an issuer name and the OData endpoint address. Then, using the OData SDK he shows how to generate the needed classes with the automatic tool and use them to connect to the endpoint and retrieve data from the feed. He also includes a little snippet for those that might not want to use the SDK - an example using curl to connect and authorize the session.

Brian Swan has a follow-up post to his introductory look at access control in Azure AppFabric applications with a bit more in-depth look at some of the settings to help you refine your controls.

I will again build a barpatron.php client (i.e. a customer) that requests a token from the AppFabric access control service (ACS) (the bouncer). Upon receipt of a token, the client will present it to the bartender.php service (the bartender) to attempt to access a protected resource (drinks). If the service can successfully validate the token, the protected resource will be made available.

You'll need to have an Azure instance set up and have already set up the scripts from his previous post to follow along. He updates the scripts to enhance with token checking and allowing the "patron" to request a token. Complete code is available for download.

Brian Swan has a new post to his blog today that aims to help you understand how your scripts access the Windows Azure AppFabric and how to can control the levels with the Access Control Service.

In a post I wrote a couple of weeks ago, Consuming SQL Azure Data with the OData SDK for PHP, I didn't address how to protect SQL Azure OData feeds with the Windows Azure AppFabric access control service because, quite frankly, I didn't understand how to do it at the time. What I aim to do in this post is share with you some of what I've learned since then. I won't go directly into how to protect OData feeds with AppFabric access control service (ACS, for short), but I will use PHP to show you how ACS works.

He illustrates with an example from another blog about a night club with a bartender, bouncer and checking wristbands to make sure the patrons are allowed to drink. In this case, the "bouncer" is the Access Control Service, a built-in feature of your Azure instance. He shows how to set it up, configure policies and the PHP code for both sides of the equation - the "bouncer" to change the certification sent and the user with a "wristband" to send the credentials on connect.