On the Ibuildings techPortal today they've posted the latest in their DPC Radio series of podcasts as recorded at last year's Dutch PHP Conference. In this new episode they share Lorna Mitchell's talk "Implementing OAuth".

With Twitter moving its API to OAuth the idea of using tokens rather than passwords for authentication went mainstream. Many explanations of OAuth make it seem complicated whereas in reality the "OAuth Dance" is a series of simple steps executed in sequence. This talk covers consuming and providing OAuth services, includes implementation examples, and is recommended for all technical leads, architects, and integration specialists.

You can listen to this latest episode either via the in-page player or by downloading the mp3. You can follow along with the presentation in her slides.

Richard McIntyre has a new post to his blog showing how he set up OAuth support in a Lithium-based application with the help of a handy plugin (li3_oath).

The OAuth protocol is a fantastic way to login to remote services and websites. Unfortunately the spec is different in OAuth 1.0 and the yet un-solidified 2.0, the implementation is also different across different services. At the moment this is a bit of a goose chase, but libraries like li3_oauth can help! [...] I like to be in control and calling the shots! I also want to have users have the option to login to other services under the same umbrella. Working directly with OAuth is what I wanted to do. Of course I was doing this in Lithium because it is clearly the best PHP Framework!

His process is broken up into four steps:

• Grab the latest version of the li3_oauth plugin
• Fork and refactor the plugin
• Create the Tweet and Facebook controllers
• Refactor a bit more to turn it into a service

The code changes are pretty minimal and are included in the post.

On PHPMaster.com today they're posted the second part of their OAuth series showing you how to use the authentication mechanism to connect to Twitter's API. (Part one is here.

Welcome back to Understanding OAuth - Tweeting from Scratch. This is Part 2 of the two-part series and picks up right where we left off in Part 1 with your returned Access Credentials. Since obtaining the credentials is the grueling part of the process, there's not much more left to do except posting a tweet on the user's behalf. Hopefully you'll find the final steps to be a lot easier to follow and more fun to implement.

They show you how to store the credentials from Part 1 into your session for safe keeping and include a simple form you will use to send a tweet to Twitter. They choose to manually build the HTTP POST request, including the credential headers along with the payload (oauth_consumer_key, oauth_signature, oauth_token, etc).

PHPMaster.com has posted the first part of a new series they're presenting on working with OAuth in PHP, specifically using it to connect to the Twitter API. This first part of the series introduces you to the concepts of OAuth and some early code to work with user credentials.

A common complaint about OAuth is that it is very difficult to understand, but perhaps some of that confusion is because of an expectation that the abstraction provided by a third-party library will erase the need to understand the steps of an OAuth transaction - it does not. This two-part article demonstrates how OAuth v1 works by explaining the process of connecting a PHP application to the Twitter API using only a few built-in functions to post a message to a user's Twitter stream.

The process is broken up into two steps - first you'll need to set up the request credentials so your application can connect to the Twitter service (as created here) then use that connection to fetch the rest of the necessary credentials (three total: Consumer, Request and Access Credentials). Cut and pasteable code is provided.

Carson McDonald has posted an example of how to use the Google OAuth for Installed Apps tool to authenticate users.

I have been working on a long needed update to the Google analytics dashboard plugin for WordPress and one of the items I had on my TODO list was using Google's OAuth login instead of the old ClientLogin. Setting OAuth up for a WordPress plugin is complicated because it isn't a hosted application and as such I can't register it to get OAuth keys. That is where a special way of doing OAuth comes in called OAuth for installed apps.

He uses this OAuth library to handle the "dirty work" of the connections. With that included in the application, he shows how to - in two phases - make an authentication system that direct the user to a Google link for completing the authentication process. He points to the Google OAuth docs and playground as good resources to help you during the process.

New on his blog Phil Sturgeon has a post about the social integration package PHP has been dying for - NinjAuth. It has hooks for OAuth and OAuth2 connections and makes it simple to use them completely abstracted.

In the past I have never needed to implement oAuth into a PHP project. I have done it in Rails and boy it was easy thanks to OmniAuth. OmniAuth abstracts away so much of the grunt work that it takes about 5 minutes to add a new social network to your site, and 4 of those minutes are spent signing up for the API keys. What options do we have in the world of PHP? A bunch of screwy hacks or provider specific classes like TwitterOAuth. I don't want to hunt down 20 libraries with different methods, I want to get a key, bang it in and go to the pub. Well, now I can!

The fuel-oauth and fuel-oauth2 packages to drive its backend. He includes a code snippet showing how to configure the providers (complete with keys needed for auth) including Facebook, Flickr, GitHub, YouTube and - of course - Twitter. You can grab the latest version of this library from Phil's github account.

Lorna Mitchell has posted the latest in her look at OAuth in PHP to her blog today, an introduction to access tokens - generating and handling them in your application.

I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. [...] This entry follows on from the ones about the initial requirements, how to how to handle request tokens, and authenticating users.

In this latest post, she talks about the three different types of tokens - consumer, request and verififier - and how to use them to locate a user in your app's users. Her code validates the request token and verifier against the database and, if successful, inserts the rest of the token information for the user.

In a new post Stas Malyshev has shared some code for an OAuth provider he's written up to work specifically with Zend Framework applications.

Zend Framework has pretty good OAuth consumer implementation. However, it has no support for implementing OAuth provider, and it turns out that there aren't many other libraries for it. Most examples out there base on PECL oauth extension, which works just fine, with one caveat - you have to have this PECL extension installed, while ZF implementation does not require that. So I went ahead and wrote some code that allows to easily add OAuth provider to your ZF-based or ZF-using application. That should make writing OAuth provider easier.

His code just fleshes out the server portion of the provider, not all of the token generation and key handling it'll need on the backend - that'll still be the job of your scripts. You can find the library over on github in his Zend_OAuth_Provider repository.

Ade Slade has written up a quick new post to his blog today showing how you can use the lightweight Silex framework to link your login with Twitter and validate users from their API.

For those not acquainted with Silex: Silex is a PHP microframework for PHP 5.3 A microframework provides the guts for building simple single-file apps. It's awesome. For the example, I've setup a virtual host of example.local on my development machine.

He includes the contents of the .htaccess you'll need to get the rewrite to work for Silex, a link to the OAuth extension you'll need to install for PHP and the code to make the login and auth routes. You'll need to create a Twitter application for your site to get the OAuth secret key to make the authentication work. You can see the complete code here.

Rob Allen has posted his own guide to getting PHP 5.3 set up on OS X 10.7 Lion, the just-released update for Apple's operating system. It comes with a bundled set of PHP-related tools but you might want to set them up your own way. This is where the guide comes in.

With OS X 10.7, Apple continues to ship PHP 5.3 with PEAR, GD and PDO_MYSQL out of the box. This is how to set it up from a clean install of 10.7.

He goes through each of the pieces of software and talks about where to download the latest from and what configuration steps are needed:

• MySQL
• Apache
• the php.ini
• Xdebug
• PEAR
• PHPUnit (and friends)
• PECL OAuth
• mcrypt