On the TutsPlus.com site they've posted a new tutorial showing you how to use the Symfony Security component to authenticate users in your system and use role-based access checks.

In this article, you'll learn how to set up user authentication in PHP using the Symfony Security component. As well as authentication, I'll show you how to use its role-based authorization, which you can extend according to your needs.

The tutorial starts with a summary of the Symfony Security component and what subcomponents it includes. It then walks you through the installation of the component via Composer (of version 4.1). They then walk through a more real-world example that uses user credentials and role information pulled from a MySQL database. They provide the code for the User class, a DatabaseProvider class, a DatabaseAuthenticationProvider, and how they all work together. Code is provided to complete the authentication process and to create the database table for the user credential and role details.

On the TutsPlus.com site they've posted a tutorial showing you how to integrate with Twitter's OAuth authentication through a few simple steps allowing the well known "Log in with Twitter" functionality.

In this tutorial, you will learn how to use Twitter API 1.1 and OAuth 2.0 to authenticate users of your application and publish a test tweet.

To create services which act on behalf of users' accounts and make it really secure and easy to develop, we need three things: a Twitter application, the REST API and access to the user account To put the pieces together into a working mechanism, we need an authentication framework. As a Twitter standard, the REST API identifies Twitter applications and users using OAuth.

The tutorial starts with a brief description of OAuth for those that aren't overly familiar with the use of the technology and its flow. They then go through the steps you'll need to get your app working with Twitter's OAuth handling:

• Create the Twitter application
• Get the OAuth credentials (secret and key)
• Installing a Twitter library via Composer
• Configuring your app with the OAuth credentials
• Building out the code to send the request to Twitter and receive the resulting callback

Once you receive that callback you'll have a token you can use to uniquely identify the user and interact with the Twitter API on their behalf. The post ends with some related links to other resources with more details about the Twitter API, their OAuth handling and other Twitter libraries.

On PHPMaster.com there's a new tutorial from Vito Tardia about using the Mozilla Persona authentication system in your PHP application - an abstracted authentication system that keeps only a token representing the user in your system.

Mozilla Persona is built upon the BrowserID technology also developed by Mozilla. You can find an expanded explanation of the concepts in the article How BrowserID Works by Lloyd Hilaiel. [...] An email address is an identity and it’s verified by the email provider [then the] authentication takes place in the browser.

He talks about the three steps in the process (certificate provisioning, assertion generation and assertion verification) and includes some sample code that does the work for you with some PHP, HTML and Javascript. In his example he just authenticates the user and returns the success/fail back to the calling script. You could take it one step further and integrate it with the session handler as well.

Lorna Mitchell has posted the next part in her series looking at working with OAuth in PHP, showing how to authenticate the user making the connection to your OAuth-enabled web service.

This phase is probably the most familiar to us as developers, as it's simply a login form. The consumer will send the user to us at the URL we provided in the request token, and the user will have the request token key as a parameter. The access control on this page will look the same as on the rest of the website; if the user has a session already then the page is displayed, otherwise they must be logged in to see it.

She talks about verifying the authentication token passed in (from the value already generated and put into a database table), the grant/deny process and the information to update in her sample table when the user falls into the "granted" side of things. She also briefly mentions the optional callback that can be passed to a service like this and how to handle its value.

If you've been thinking about hooking up your application's authentication to the Facebook Connect system that Facebook has to offer but weren't sure where to begin, take a look at this new tutorial from NETTUTS.com for a good introductory guide.

Lately, there’s been quite a fuzz about lazy registration. It turns out that the less the user has to think, the higher the conversion rates are! What a thought! If everybody seems to have a Facebook profile, why not add a one-click user registration? I’ll show you how to do that today.

The complete details are here - everything from the SQL to create the MySQL backend tables to screenshots on how to set up the Facebook application to the actual code to make the authentication work. There's even a bit on extended permissions and how to push a message to the user's wall once they've approved the application.

New on the Developer.com website is this tutorial from Jason Gilmore looking at OpenID authentication through the Zend Framework's Zend_Auth component.

I'll show you how to take advantage of a powerful open user identification service known as OpenID, and show you how to incorporate OpenID authentication and identification features into your Zend Framework-powered website. Even if you haven't started taking advantage of a web framework such as Zend's, this tutorial will serve two important purposes, demonstrating not only the allure of OpenID, but also how a framework such as the Zend Framework can greatly reduce development time.

He points to several places you can set up an OpenID account and mentions the Zend_Auth component that already includes all of the methods you'll need to validate a user based on their choice of provider. He creates a simple form and makes an indexAction in his controller that makes a Zend_OpenId_Consumer object to grab the user's information and verify the login.

On the AOL Developer Network Jack Herrignton has posted an introduction to OpenID and how you can use it in your PHP application.

OpenID is another one of those "cool technologies you've never heard of" type of deals. OpenID is an open source initiative that provides a way for Web users to register their identity in one place and then use that identity anywhere on the Web that supports OpenID. [...] Before getting an OpenID, though, I should point out that it’s not required that you run an OpenID provider to OpenID-enable your application. In fact, no special software or service is required in your Web application. The only requirement is that your Web server programming language be able to make HTTP requests of the OpenID provider, which is something all of them can do.

Once you have your OpenID account set up, his simple script, making use of the ability that any version of PHP has to open URLs, can authenticate off of a remote OpenID service - that has the cURL extension compiled in.

Vikram Vaswani has a new tutorial posted to the Zend Developer Zone today about integrating PHP with an OpenID system via a few helpful packages.

OpenID, a free, open-source framework for "single sign-on" across different Web sites and applications. The even better news? There already exist a bunch of PHP widgets that allow developers to easily integrate OpenID into a PHP application, and this article is going to show you how to use them. So what are you waiting for? Flip the page, and let's get going!

For those not familiar with the authentication method, he defines OpenID and shows how it can help with the "too many passwords, too many accounts" problem many users face. He uses the PHP OpenID Library and the Authentication::OpenID_Consumer PEAR package (as well as several other PEAR packages to help with the connections and message formatting). He builds two simple forms to use the service - one to authenticate a user and another to create a new account.

The Zend Developer Zone has posted a new look something recently added to the Zend Framework - support in the Zend_Auth component for OpenId connections.

Since there have been numerous tutorials written regarding Zend_Auth, I won't attempt to make a full tutorial on it. If you are curious, google around, you'll find them. Today though, I'd like to show you a cool new piece that has been added to Auth in Zend Framework 1.5, the new Zend_Auth_Adapter_OpenId.

Cal explains what the OpenID system is all about before getting into the code that uses it. He suggests MyOpenID as a provider to register at and includes the code to make a request to them to authenticate a username/password combo. The actual authentication check is only about three or four lines of code.