Matt Stauffer:
Introducing Laravel Passport
Aug 01, 2016 @ 09:35:05

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

tagged: laravel passport oauth api package release vuejs client token tutorial

Link: https://mattstauffer.co/blog/introducing-laravel-passport

TutsPlus.com:
How to Authenticate Users With Twitter OAuth 2.0
Apr 29, 2016 @ 11:21:10

On the TutsPlus.com site they've posted a tutorial showing you how to integrate with Twitter's OAuth authentication through a few simple steps allowing the well known "Log in with Twitter" functionality.

In this tutorial, you will learn how to use Twitter API 1.1 and OAuth 2.0 to authenticate users of your application and publish a test tweet.

To create services which act on behalf of users' accounts and make it really secure and easy to develop, we need three things: a Twitter application, the REST API and access to the user account. To put the pieces together into a working mechanism, we need an authentication framework. As a Twitter standard, the REST API identifies Twitter applications and users using OAuth.

The tutorial starts with a brief description of OAuth for those that aren't overly familiar with the use of the technology and its flow. They then go through the steps you'll need to get your app working with Twitter's OAuth handling:

  • Create the Twitter application
  • Get the OAuth credentials (secret and key)
  • Install a Twitter library via Composer
  • Configure your app with the OAuth credentials
  • Build out the code to send the request to Twitter and receive the resulting callback

Once you receive that callback you'll have a token you can use to uniquely identify the user and interact with the Twitter API on their behalf. The post ends with some related links to other resources with more details about the Twitter API, their OAuth handling and other Twitter libraries.

tagged: twitter authenticate user oauth tutorial library flow

Link: http://code.tutsplus.com/tutorials/how-to-authenticate-users-with-twitter-oauth-20--cms-25713

php[architect]:
Book Release: Integrating Web Services with OAuth and PHP
Feb 25, 2016 @ 14:08:17

php|architect has officially announced the release of their latest book: Integrating Web Services with OAuth and PHP from author and PHP community member Matt Frost.

Modern web applications are no longer standalone, monolithic codebases. Instead, they are expected to integrate with external, 3rd party applications to allow users to tap into new features, integrate with their social networks, and to easily migrate their data between systems. Many services afford these integrations by building web services that use the OAuth standard to authenticate users and allow “secure delegated access” on their behalf.

The book covers both of the major versions of OAuth currently in use (v1 and v2), how they differ and provides working PHP examples of both the client and server sides of the functionality. If you're interested you can "try before you buy" with an excerpt from the book to get a feel for the writing style and content. You can get more information and pick up a copy of your own directly from the php[architect] site.

tagged: server oauth webservice integrate release book client mattfrost

Link: https://www.phparch.com/books/integrating-web-services-with-oauth-and-php/

NetTuts.com:
WP REST API: Setting Up and Using OAuth 1.0a Authentication
Jan 15, 2016 @ 10:54:12

The NetTuts.com site has a new tutorial posted showing you how to work with the authentication of the WordPress REST API and using its OAuth 1.0a handling. This is part three in their series of tutorials introducing the WordPress REST API.

In the previous part of the series, we set up basic HTTP authentication on the server by installing the plugin available on GitHub by the WP REST API team. [...] For using authentication on production servers, there needs to be a more secure way of sending authenticated requests without risking exposing the login credentials. Thanks to the OAuth authentication method, those requests can be sent without exposing the username and the password in an unsafe manner.

In the current part of the series, we will learn to set up and use the OAuth authentication method to be used with the WP REST API plugin.

They start the tutorial with a brief look at what OAuth is and how it's used to authenticate the end user/client/software/etc. They then walk through the flow of a simple OAuth-based authentication system and the pieces that make it up. Then the article gets into how to install the plugin for your WordPress instance and activate it from the command line. They show how to test that it's enabled and how to use a command line client to create tokens you can then use to access the API in your own clients.

tagged: wordpress tutorial wpapi api rest oauth authentication series part3

Link: http://code.tutsplus.com/tutorials/wp-rest-api-setting-up-and-using-oauth-10a-authentication--cms-24797

SitePoint PHP Blog:
Conquering Instagram with PHP and the Instagram API
Sep 22, 2015 @ 12:57:21

The SitePoint PHP blog has a tutorial posted that shows you how to "conquer" the Instagram API in your PHP application and integrate it into your application with the help of the Guzzle HTTP client.

Instagram’s API allows us to interact with data such as user info, media (photos and videos), likes, comments, and tags. For example, you can search for media around a specific location and filter the results by time. The API also allows us to post comments or like specific media. For now, only uploading media isn’t supported. You can always look at the API endpoints documentation if you want to know about the full functionality.

They start by talking about the two types of API calls (authenticated/unauthenticated) and the limits that are included with each. From there the tutorial shows you how to register a new application, get a new client ID and how to use the API console to test out requests. Next they help you get the Guzzle (http://guzzle.readthedocs.org/en/latest/) library installed and connect it to the Instagram API with your client credentials. They integrate this into a simple Slim application using Twig as a templating layer to allow for the OAuth approval process, fetching an access token for the later requests.

With the connection made, they show you how to make requests for things like tag searches, user feed information (and searches), geographic searches and handling pagination. They also include a link to a PHP Instagram library that can help simplify the process, complete with code examples.

tagged: tutorial instagram api introduction library oauth slim twig

Link: http://www.sitepoint.com/conquering-instagram-with-php-and-the-instagram-api/

Barry vd. Heuvel:
OAuth in Javascript Apps with Angular and Lumen, using Satellizer and Laravel Soci
Jul 22, 2015 @ 09:51:49

Barry vd. Heuvel has a post to his site sharing a step by step guide to setting up OAuth in a Lumen+AngularJS application via Socialite and Satellizer (an AngularJS library for OAuth and token based authentication).

In the last few weeks, Socialite was a popular topic to blog/tweet about. Coincidentally, I also needed Socialite for a project. But in my case, I wanted to use it in an Angular app, distributed using Cordova (Phonegap) as hybrid app on Android/iOS. There were some examples, but I couldn’t find much about it at the time. A few people asked to share my experience about it, so here it is!

He starts by linking to all of the tools you'll need to help get some background on them, including a helpful guide to installing Satellizer. He then goes over the flow of the entire process, from the initial call from the AngularJS side to authenticate, through the backend Lumen/Socialite/Satellizer handling and then back out to the Javascript where the token is then stored. With this established, he gets into the implementation details, starting with the Lumen code to make the API request to GitHub, then working with the JWT tokens and responding back to the AngularJS frontend with the result.

tagged: angularjs lumen framework tutorial socialite satellizer oauth jwt token

Link: http://barryvdh.nl/laravel/lumen/angular/2015/07/19/oauth-in-javascript-apps-with-angular-lumen-using-satellizer-laravel-socialite/

Rob Allen:
Custom OAuth2 authentication in Apiiglity
Jul 21, 2015 @ 09:05:49

In an article posted to his site Rob Allen shows you how to hook in the OAuth2 authentication for an Apigility-based application with a pre-existing database table structure that may not match the defaults Apigility is looking for.

I have a client that's writing an Apigility API that needs to talk to a database that's already in place. This also includes the users table that is to be used with Apigility's OAuth2 authentication. Getting Apigility's OAuth2 integration to talk to a specific table name is quite easy. [...] However, if you want to use different column names, that's a bit trickier as they are hardcoded in the OAuth2\Storage\Pdo class. To get Apigility's OAuth2 components to look at the correct columns, you create your own OAuth2 Adapter. I chose to extend ZF\OAuth2\Adapter\PdoAdapter which extends OAuth2\Storage\Pdo and go from there.

He includes the code for this extension of the PdoAdapter (an "OAuth2Adapter" class) in the post, showing the definitions of the get user, set user and check password methods the OAuth2 flow needs to match users to OAuth sessions. He also includes the code for the "OAuth2AdapterFactory" class that's used to pull the custom PDO adapter class into Apigility and, along with some configuration changes, make it available for use. Then it's just a simple matter of changing the authentication type in the Apigility UI.

tagged: apigility oauth2 authentication custom factory pdo adapter oauth tutorial

Link: http://akrabat.com/custom-oauth2-authentication-in-apiiglity/

SitePoint PHP Blog:
WP API and OAuth – Using WordPress without WordPress
Jul 16, 2015 @ 13:08:54

The SitePoint PHP blog has posted a tutorial showing you how to "use WordPress without WordPress" via a basic RESTish API installed via plugin. The article focuses on using the OAuth authentication method to connect a client to the WP instance, linked to a system user via generated tokens.

In this tutorial, we’ll learn how to install and use WP-API with OAuth – a WordPress plugin which uses REST-like API endpoints to allow reading of WP content to unauthenticated users, and writing of WP content to users who authenticate via OAuth (or via Cookies for themes and plugins). Using the plugin isn’t very straightforward, and the prerequisite list is quite long, so this post was written to make it simple and relatively approachable (as long as you’re in control of your own server).

The tutorial walks you through the steps to get a WordPress instance installed (via a git clone) and set up to work with Homestead Improved. He then installs the "wp-cli" tool to get the OAuth1 plugin needed to make things work correctly and shows how to use it to generate the needed key and secret for the OAuth connection. He then makes a simple script that uses the Guzzle HTTP client and its OAuth handling to make the OAuth request for a token, call the callback page and return the bearer token for the remainder of the requests. Finally he creates a simple page that uses this token to submit a new article via the API and views it in the WordPress interface.

tagged: wordpress api tutorial oauth guzzle oauth1 wpcli rest

Link: http://www.sitepoint.com/wp-api-and-oauth-using-wordpress-without-wordpress/

NetTuts.com:
Programming With Yii2: AuthClient Integration With Twitter, Google and Other Networks
Jun 26, 2015 @ 10:58:36

NetTuts.com has posted the latest part of their "Programming with Yii2" series today, this time with a focus on AuthClient integration allowing for easy interfacing with social services like Google or Twitter.

In this Programming With Yii2 series, I'm guiding readers in use of the newly upgraded Yii2 Framework for PHP. In this tutorial, I'll guide you through integration of the built-in AuthClient support to provide sign-in from third party networks such as Twitter, Google and Facebook.

For these examples, we'll continue to imagine we're building a framework for posting simple status updates, e.g. our own mini-Twitter, using our hello codebase. Use the GitHub links on this page to download the code repository. In Programming With Yii2: Integrating User Registration, I walked through integration of the Yii2-User library for user registration and authentication. In this tutorial, we'll learn how to integrate AuthClient with Yii2-User and override its views.

The tutorial starts off with a look at AuthClient: what it is, what it supports out of the box and which they'll be integrating (Google and Twitter). He shows you how to install the library via Composer and where to configure it, including the keys or secrets needed to connect to the provider of choice. For Twitter, he shows how to register a new "application" on their side and how to hook it into your own application and code. He advocates using an ".ini" file outside of the code to store the service credentials too. Finally he shows how to integrate it with the frontend, including the widget to override the default user login handling.

tagged: programming yii2 authclient twitter google social oauth

Link: http://code.tutsplus.com/tutorials/programming-with-yii2-authclient-integration-with-twitter-google-and-other-networks--cms-23489

SitePoint PHP Blog:
Popular Photos, Filters and User Profiles with the 500px API
Mar 05, 2015 @ 11:26:50

The SitePoint PHP blog has started off a new series this morning to help you create a custom Laravel application based on the 500px photo community site. In this first part of the series they help you get the application up and running and connected to the 500px API.

500px is a photo community for discovering, sharing, buying and selling inspiring photography. In this article we are going to explore their API and build a small showcase app. Let’s get started.

You'll need to have Laravel set up and working to get started on the tutorial, but they help you get the other libraries installed and configured (like Guzzle). They start with getting a list of the most popular photos from the API, connecting it to your account via an OAuth token. A base route is created and connected to a controller/action with a view to render each of the photos in their own divs. They then add in a bit of Javascript to create a "Load More" button that makes another call, with pagination, to pull in more photo details. Finally they show you how to create the user profile page, grabbing user information and related photos and rendering them out to a page.

tagged: 500px tutorial series part1 laravel api oauth photos filters profiles

Link: http://www.sitepoint.com/popular-photos-filters-user-profiles-500px-api/