
PHP OAuth 1.0 Library that handles an api key/secret pair and endpoints (request,authorization,and a

Question:

I'm working with an OAuth 1.0 API that requires we use an API KEY/PAIR. Also, it gives me 3 urls:

<ul><li>Request token endpoint: /oauth/request_token</li> <li>Authorization endpoint: /oauth/authorize</li> <li>Access token endpoint: /oauth/access_token</li> </ul>

Here is what the documentation states:

<hr />

We use the most current specification of OAuth 1.0 protocol (RFC 5849) to authenticate our API requests. We use OAuth 1.0 because it is an open standard, and <strong>we adapt the "three-legged" client/user/server protocol flow of OAuth 1.0 to a "two-legged" client/server model</strong>. In our adaptation of OAuth for authenticated client/server requests, the client acts as both the API client and the user (i.e., owner of the requested resource). So, instead of being redirected to the client with a token verifier, the client acts as a user and directly accesses the server for the OAuth verifier. The accessibility check happens when the client requests a resource from the server with an access token obtained using the previously obtained verifier. You can reuse access tokens until they expire (after two hours). After the tokens expire, you must request a new access token. Examples will clarify this further.

<hr />

I'd like to find a PHP OAuth library that can use the API requirements I have for accessing the third-party company's API. I really don't know how to implement this. My current thought is to reverse engineer the Facebook PHP API, but I don't know if it uses 3 endpoints. Also, some help with getting it operational or directing me to a resource where I can figure it out myself would be great.

Thanks!

** NOTE: I found this: <a href="https://code.google.com/p/oauth-php" rel="nofollow">click here</a> Can this be the solution I am looking for?

Answer1:

Facebook uses OAuth 2.0, so its API is out of the question. Check <a href="http://www.cheatography.com/kayalshri/cheat-sheets/oauth-end-points/" rel="nofollow">here</a> for some basic API references - BitBucket, Twitter and Yahoo all use v1.0a, for example.

PHP has an <a href="http://www.php.net/manual/en/book.oauth.php" rel="nofollow">OAuth Extension</a>, so if you're building a custom solution you should definitely start there. The library that you're referencing <a href="https://code.google.com/p/oauth-php/wiki/ConsumerHowTo#Two-legged_OAuth" rel="nofollow">does provide Two Legged OAuth</a>, so at first glance it does seem like an option for you. <em>Disclaimer on the last sentence</em>: I haven't used this library; however, I checked the documentation. A nice explanation with UML sequence charts can be found <a href="http://blog.nerdbank.net/2011/06/what-is-2-legged-oauth.html" rel="nofollow">here</a>. It is just general OAuth, not PHP specific, but it does provide a nice deep explanation. <a href="https://github.com/Lusitanian/PHPoAuthLib" rel="nofollow">This GitHub repo</a> contains reusable <strong>clients</strong> for my services - you can also get some ideas from there if your clients are going to be PHP.

Your case seems very interesting and there is no full answer to your question. If I were you I'd first take the time to check the code behind the Google Code oauth-php library that you reference in the Two-Legged Section (and not only). Then decide if you should in fact use this library, another or a custom implementation. You may also have other requirements/showstoppers that may affect your decision (I know you'd be wanting to push some big amounts of data from your other question. ;) ) The 2 hour token is a good performance optimization but is it too long of an authentication/authorization lease?
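Whichever library is chosen, each of the three endpoints in the question expects an RFC 5849 signed request; the following added example (not part of the original answer and not code from any library mentioned) shows the HMAC-SHA1 signing in plain PHP so a library's output can be checked against it. The host, the POST method, the `oob` callback and every key, token and verifier value are assumptions or constructed placeholders, and the requests are assumed to carry no query or body parameters (those would also have to enter the signature base string).

```php
<?php
// Added example: RFC 5849 HMAC-SHA1 request signing. Requires PHP 7.4+.

function oauth1_encode(string $s): string {
    // rawurlencode() follows RFC 3986, as RFC 5849 section 3.6 requires
    return rawurlencode($s);
}

function oauth1_auth_header(string $method, string $url, array $oauth,
                            string $consumerSecret, string $tokenSecret = ''): string {
    $oauth += [
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_nonce'            => bin2hex(random_bytes(16)), // CSPRNG nonce, unique per request
        'oauth_version'          => '1.0',
    ];
    // Normalise parameters: percent-encode, then sort by encoded name
    $pairs = [];
    foreach ($oauth as $k => $v) {
        $pairs[oauth1_encode($k)] = oauth1_encode($v);
    }
    ksort($pairs, SORT_STRING);
    $normalised = implode('&', array_map(
        fn($k, $v) => "$k=$v", array_keys($pairs), $pairs));

    // Signature base string: METHOD & encoded URL & encoded parameter string
    $base = strtoupper($method) . '&' . oauth1_encode($url) . '&' . oauth1_encode($normalised);
    // Signing key: consumer secret & token secret (empty before a token exists)
    $key  = oauth1_encode($consumerSecret) . '&' . oauth1_encode($tokenSecret);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));

    $parts = [];
    foreach ($oauth as $k => $v) {
        $parts[] = oauth1_encode($k) . '="' . oauth1_encode($v) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

$host   = 'https://api.example.com';   // placeholder host (assumption)
$apiKey = 'constructed-api-key';       // constructed sample credentials
$secret = 'constructed-api-secret';

// Request token: signed with the consumer secret only
echo oauth1_auth_header('POST', "$host/oauth/request_token",
    ['oauth_consumer_key' => $apiKey, 'oauth_callback' => 'oob'], $secret), "\n";

// Access token: request token plus the verifier, signed with both secrets
echo oauth1_auth_header('POST', "$host/oauth/access_token",
    ['oauth_consumer_key' => $apiKey, 'oauth_token' => 'constructed-request-token',
     'oauth_verifier' => 'constructed-verifier'], $secret, 'constructed-token-secret'), "\n";
```

Load the API secret from configuration outside the web root rather than from source, and send these headers only over HTTPS, since the access token stays valid for the full two hours.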
