
Dragos Holban:
Symfony OAuth Authentication for Your Mobile Application
Sep 11, 2017 @ 12:57:13

On his Medium site Dragos Holban has a new tutorial posted as a part of his "Learn Symfony 2.8" series. This time he shows how to use Symfony OAuth authentication for a mobile application.

Let’s say you built an API using Symfony and you need to access it from a mobile application using authenticated requests on behalf of your users.

Here’s how to make this work using Symfony 2.8 and Doctrine.

He starts by helping you install the FOSOAuthServerBundle and enable it in your Symfony application's configuration. He then includes the code for the OAuth classes: the client and entities for the access token and access token handler. He shows how to configure the bundle, add routing and configure security protection for the parts of your application. Next he shows the creation of a client and how to document your API using the NelmioApiDocBundle.

tagged: oauth tutorial symfony authentication token doctrine entity

Link: https://medium.com/@dragosholban/symfony-oauth-authentication-for-your-mobile-application-b13de7202df7

SitePoint PHP Blog:
Social Logins with Oauth.io – Log in with Anything, Anywhere
Dec 22, 2016 @ 13:47:46

The SitePoint PHP blog has a tutorial posted from Meni Allaman showing you how to use the OAuth.io SDK for social logins, integrating multiple social network logins in one centralized place.

Users today often like the idea of logging into websites with a single click using one of their social accounts.

Given that, today we will look at OAuth.io, which is a multi-platform SDK for more than 120 social login providers like Facebook, Twitter, and Google+. Working with such an SDK is not a difficult task, but there are some prerequisites for using it.

The tutorial then breaks down the steps to follow for getting the service set up and getting the required package installed. Following this the author shows how to connect your account to the various services and provides the code you'll need to connect to the OAuth.io service. It finishes up with an example of a page you'd need to provide to your users to let them authorize the connection to the OAuth.io service with the service of their choosing.

tagged: social login oauthio oauth tutorial service package

Link: https://www.sitepoint.com/social-logins-with-oauth-io-log-in-with-anything-anywhere/

Building Your Startup With PHP: Simplifying Onramp With OAuth
Sep 22, 2016 @ 12:45:49

The TutsPlus.com site has posted the next part of their "Build Your Startup with PHP" series today. This time they show you how to make it even easier for the users of your site to sign up using OAuth and third-party authentication.

In this tutorial, I'll guide you through implementing OAuth integration with common social networks to make signing up and repeated usage easier and more efficient. I'll explore Facebook, Google, Twitter and LinkedIn, the networks I see as being most appropriate to Meeting Planner's target users.

The tutorial makes use of the Yii framework's own AuthClient functionality to make the actual requests to the 3rd party services. They help you get it installed via Composer and walk through the configuration changes you'll need to make for it to be available and functional.

The tutorial then shows how to create developer applications on a few different services: Twitter, Facebook, Google and LinkedIn. They help you update your configuration with the secret keys for each and create a new database update for storing the 3rd party identifiers when the connection is made. Finally they hook it into the user profile and the login page for use by your users.

tagged: startup series tutorial oauth connection thirdparty service integration authclient

Link: https://code.tutsplus.com/tutorials/building-your-startup-with-php-simplifying-onramp-with-oauth--cms-23512

Matt Stauffer:
Introducing Laravel Passport
Aug 01, 2016 @ 09:35:05

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

tagged: laravel passport oauth api package release vuejs client token tutorial

Link: https://mattstauffer.co/blog/introducing-laravel-passport

How to Authenticate Users With Twitter OAuth 2.0
Apr 29, 2016 @ 11:21:10

On the TutsPlus.com site they've posted a tutorial showing you how to integrate with Twitter's OAuth authentication through a few simple steps allowing the well known "Log in with Twitter" functionality.

In this tutorial, you will learn how to use Twitter API 1.1 and OAuth 2.0 to authenticate users of your application and publish a test tweet.

To create services which act on behalf of users' accounts and make it really secure and easy to develop, we need three things: a Twitter application, the REST API and access to the user account. To put the pieces together into a working mechanism, we need an authentication framework. As a Twitter standard, the REST API identifies Twitter applications and users using OAuth.

The tutorial starts with a brief description of OAuth for those that aren't overly familiar with the use of the technology and its flow. They then go through the steps you'll need to get your app working with Twitter's OAuth handling:

  • Create the Twitter application
  • Get the OAuth credentials (secret and key)
  • Installing a Twitter library via Composer
  • Configuring your app with the OAuth credentials
  • Building out the code to send the request to Twitter and receive the resulting callback

Once you receive that callback you'll have a token you can use to uniquely identify the user and interact with the Twitter API on their behalf. The post ends with some related links to other resources with more details about the Twitter API, their OAuth handling and other Twitter libraries.

tagged: twitter authenticate user oauth tutorial library flow

Link: http://code.tutsplus.com/tutorials/how-to-authenticate-users-with-twitter-oauth-20--cms-25713

Book Release: Integrating Web Services with OAuth and PHP
Feb 25, 2016 @ 14:08:17

php|architect has officially announced the release of their latest book: Integrating Web Services with OAuth and PHP from author and PHP community member Matt Frost.

Modern web applications are no longer standalone, monolithic codebases. Instead, they are expected to integrate with external, 3rd party applications to allow users to tap into new features, integrate with their social networks, and to easily migrate their data between systems. Many services afford these integrations by building web services that use the OAuth standard to authenticate users and allow “secure delegated access” on their behalf.

The book covers both of the major versions of OAuth currently in use (v1 and v2), explains how they differ and provides working PHP examples of both the client and server sides of the functionality. If you're interested you can "try before you buy" with an excerpt from the book to get a feel for the writing style and content. You can get more information and pick up a copy of your own directly from the php[architect] site.

tagged: server oauth webservice integrate release book client mattfrost

Link: https://www.phparch.com/books/integrating-web-services-with-oauth-and-php/

WP REST API: Setting Up and Using OAuth 1.0a Authentication
Jan 15, 2016 @ 10:54:12

The NetTuts.com site has a new tutorial posted showing you how to work with the authentication of the WordPress REST API and using its OAuth 1.0a handling. This is part three in their series of tutorials introducing the WordPress REST API.

In the previous part of the series, we set up basic HTTP authentication on the server by installing the plugin available on GitHub by the WP REST API team. [...] For using authentication on production servers, there needs to be a more secure way of sending authenticated requests without risking exposing the login credentials. Thanks to the OAuth authentication method, those requests can be sent without exposing the username and the password in an unsafe manner.

In the current part of the series, we will learn to set up and use the OAuth authentication method to be used with the WP REST API plugin.

They start the tutorial with a brief look at what OAuth is and how it's used to authenticate the end user/client/software/etc. They then walk through the flow of a simple OAuth-based authentication system and the pieces that make it up. Then the article gets into how to install the plugin for your WordPress instance and activate it from the command line. They show how to test that it's enabled and how to use a command line client to create tokens you can then use to access the API in your own clients.

tagged: wordpress tutorial wpapi api rest oauth authentication series part3

Link: http://code.tutsplus.com/tutorials/wp-rest-api-setting-up-and-using-oauth-10a-authentication--cms-24797

SitePoint PHP Blog:
Conquering Instagram with PHP and the Instagram API
Sep 22, 2015 @ 12:57:21

The SitePoint PHP blog has a tutorial posted that shows you how to "conquer" the Instagram API in your PHP application and integrate it into your application with the help of the Guzzle HTTP client.

Instagram’s API allows us to interact with data such as user info, media (photos and videos), likes, comments, and tags. For example, you can search for media around a specific location and filter the results by time. The API also allows us to post comments or like specific media. For now, only uploading media isn’t supported. You can always look at the API endpoints documentation if you want to know about the full functionality.

They start by talking about the two types of API calls (authenticated/unauthenticated) and the limits that are included with each. From there the tutorial shows you how to register a new application, get a new client ID and how to use the API console to test out requests. Next they help you get the Guzzle (http://guzzle.readthedocs.org/en/latest/) library installed and connect it to the Instagram API with your client credentials. They integrate this into a simple Slim application using Twig as a templating layer to allow for the OAuth approval process, fetching an access token for the later requests.

With the connection made, they show you how to make requests to do things like tag searches, fetching user feed information (and user searches), geographic searches and handling pagination. They also include a link to a PHP Instagram library that can help simplify the process, complete with code examples.

tagged: tutorial instagram api introduction library oauth slim twig

Link: http://www.sitepoint.com/conquering-instagram-with-php-and-the-instagram-api/

Barry vd. Heuvel:
OAuth in Javascript Apps with Angular and Lumen, using Satellizer and Laravel Soci
Jul 22, 2015 @ 09:51:49

Barry vd. Heuvel has a post to his site sharing a step by step guide to setting up OAuth in a Lumen+AngularJS application via Socialite and Satellizer (an AngularJS library for OAuth and token based authentication).

In the last few weeks, Socialite was a popular topic to blog/tweet about. Coincidentally, I also needed Socialite for a project. But in my case, I wanted to use it in an Angular app, distributed using Cordova (Phonegap) as hybrid app on Android/iOS. There were some examples, but I couldn’t find much about it at the time. A few people asked to share my experience about it, so here it is!

He starts by linking to all of the tools you'll need to help get some background on them, including a helpful guide to installing Satellizer. He then goes over the flow of the entire process, from the initial call from the AngularJS side to authenticate, through the backend Lumen/Socialite/Satellizer handling and then back out to the Javascript where the token is then stored. With this established, he gets into the implementation details, starting with the Lumen code to make the API request to GitHub, then working with the JWT tokens and responding back to the AngularJS frontend with the result.

tagged: angularjs lumen framework tutorial socialite satellizer oauth jwt token

Link: http://barryvdh.nl/laravel/lumen/angular/2015/07/19/oauth-in-javascript-apps-with-angular-lumen-using-satellizer-laravel-socialite/

Rob Allen:
Custom OAuth2 authentication in Apiiglity
Jul 21, 2015 @ 09:05:49

In an article posted to his site Rob Allen shows you how to hook in the OAuth2 authentication for an Apigility-based application with a pre-existing database table structure that may not match the defaults Apigility is looking for.

I have a client that's writing an Apigility API that needs to talk to a database that's already in place. This also includes the users table that is to be used with Apigility's OAuth2 authentication. Getting Apigility's OAuth2 integration to talk to a specific table name is quite easy. [...] However, if you want to use different column names, that's a bit trickier as they are hardcoded in the OAuth2\Storage\Pdo class. To get Apigility's OAuth2 components to look at the correct columns, you create your own OAuth2 Adapter. I chose to extend ZF\OAuth2\Adapter\PdoAdapter which extends OAuth2\Storage\Pdo and go from there.

He includes the code for this extension of the PdoAdapter (an "OAuth2Adapter" class) in the post, showing the definitions of the get user, set user and check password methods the OAuth2 flow needs to match users to OAuth sessions. He also includes the code for the "OAuth2AdapterFactory" class that's used to pull the custom PDO adapter class into Apigility and, along with some configuration changes, make it available for use. Then it's just a simple matter of changing the authentication type in the Apigility UI.

tagged: apigility oauth2 authentication custom factory pdo adapter oauth tutorial

Link: http://akrabat.com/custom-oauth2-authentication-in-apiiglity/