Proposal for "HTTP_OAuth"

» Metadata » Status
  • Category: HTTP
  • Proposer: Jeff Hodsdon 
  • License: BSD Style
» Description
HTTP_OAuth is an implementation of the current OAuth spec (http://oauth.googlecode.com/svn/spec/core/1.0a/drafts/3/oauth-core-1_0a.html). It allows a developer to use this package for both consumer and provider implementations. HTTP_OAuth depends on HTTP_Request2. It can optionally use Log and pecl_http.

The following examples should explain how this package could be used as a consumer and as a provider. The provider package leaves a lot up to the developer, which can be seen from the sample function names. There are also consumer examples in /examples of the package and at http://jeffhodsdon.com/HTTP_OAuth/examples/index.php

Here is an example of its usage as a consumer:

<?php
require_once 'HTTP/OAuth/Consumer.php';
require_once 'Log.php';

session_start();

// Logging
HTTP_OAuth::attachLog(Log::singleton('display'));

// Placeholder: the URL on your site that the provider redirects back to
$callback = 'http://example.com/callback';

$consumer = new HTTP_OAuth_Consumer('key', 'secret');
$consumer->getRequestToken('http://example.com/oauth/request_token', $callback);

// Store the request token and its secret
$_SESSION['token'] = $consumer->getToken();
$_SESSION['token_secret'] = $consumer->getTokenSecret();

$url = $consumer->getAuthorizeUrl('http://example.com/oauth/authorize');
http_redirect($url); // function from pecl_http

// When they come back via the $callback url
$consumer = new HTTP_OAuth_Consumer('key', 'secret', $_SESSION['token'],
    $_SESSION['token_secret']);
$consumer->getAccessToken('http://example.com/oauth/access_token', $_GET['oauth_verifier']);

// Store the access token and its secret (they replace the request token)
$_SESSION['token'] = $consumer->getToken();
$_SESSION['token_secret'] = $consumer->getTokenSecret();

// $response is an instance of HTTP_OAuth_Consumer_Response
$response = $consumer->sendRequest('http://example.com/oauth/protected_resource');
?>


Here is an example of its usage as a provider:

<?php
// When a consumer asks for a request token
$request = new HTTP_OAuth_Provider_Request;

// Your code lookup
$consumerData = lookupByConsumerKey($request->oauth_consumer_key);

$response = new HTTP_OAuth_Provider_Response;
// Check signature from consumer secret
if (!$request->isValidSignature($consumerData['consumer_secret'])) {
    $response->setStatus(HTTP_OAuth_Provider_Response::STATUS_INVALID_SIGNATURE);
    $response->send();
    die(0);
}

// Return request_token
$response->oauth_token = assignRequestToken($consumerData);
$response->oauth_token_secret = assignRequestTokenSecret($consumerData);
$response->send();

// User is redirected to a page on your site to authorize that request_token
// When they request an access token
$request = new HTTP_OAuth_Provider_Request;

// Your code lookup
$consumerData = lookupByConsumerKey($request->oauth_consumer_key);

$response = new HTTP_OAuth_Provider_Response;
// Check signature from consumer secret and token secret
// (the token secret comes from your own lookup)
if (!$request->isValidSignature($consumerData['consumer_secret'], $consumerData['token_secret'])) {
    $response->setStatus(HTTP_OAuth_Provider_Response::STATUS_INVALID_SIGNATURE);
    $response->send();
    die(0);
}

if (!isAuthorizedRequestToken($consumerData)) {
    $response->setStatus(HTTP_OAuth_Provider_Response::STATUS_INVALID_TOKEN);
    $response->send();
    die(0);
}

$response->oauth_token = assignAccessToken($consumerData);
$response->oauth_token_secret = assignAccessTokenSecret($consumerData);
$response->send();

// When receiving oauth request check the signature
$request = new HTTP_OAuth_Provider_Request;

// Your code lookup
$consumerData = lookupByConsumerKey($request->oauth_consumer_key);

$response = new HTTP_OAuth_Provider_Response;
// Check signature from consumer secret and token secret
if (!$request->isValidSignature($consumerData['consumer_secret'], $consumerData['token_secret'])) {
    $response->setStatus(HTTP_OAuth_Provider_Response::STATUS_INVALID_SIGNATURE);
    $response->send();
    die(0);
}
?>
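
The provider flow above leaves token issuing and the `isAuthorizedRequestToken()` check to the developer. One way to fill them in, as an added example that is not part of the proposal or of HTTP_OAuth: it ties the request token to the `oauth_verifier` the consumer sends back, and its helper signatures, the in-memory `$store` and the 10-minute lifetime are all assumptions (PHP 7.1 or later).

```php
<?php
// Added example: hypothetical provider-side helpers, not part of HTTP_OAuth.
// An in-memory array stands in for the provider's token table (assumption).
$store = [];

function newSecret(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes)); // CSPRNG output, hex-encoded
}

// Request-token step: bind the new token to the consumer that asked for it.
function assignRequestToken(array &$store, string $consumerKey): array
{
    $token = newSecret();
    $store[$token] = [
        'consumer_key' => $consumerKey,
        'token_secret' => newSecret(),
        'verifier'     => null,         // set once the user approves
        'expires'      => time() + 600, // constructed lifetime: 10 minutes
    ];
    return [$token, $store[$token]['token_secret']];
}

// Authorization page: the user approved, so mint the oauth_verifier.
function authorizeRequestToken(array &$store, string $token): ?string
{
    if (!isset($store[$token])) {
        return null; // unknown or already consumed token
    }
    return $store[$token]['verifier'] = newSecret(8);
}

// Access-token step: token must be approved, unexpired, owned by this
// consumer and presented with the matching verifier.
function isAuthorizedRequestToken(array &$store, string $consumerKey,
    string $token, string $verifier): bool
{
    $row = $store[$token] ?? null;
    unset($store[$token]); // single use: consumed on the first attempt
    return $row !== null
        && $row['verifier'] !== null
        && $row['expires'] >= time()
        && hash_equals($row['consumer_key'], $consumerKey)
        && hash_equals($row['verifier'], $verifier);
}

// Constructed walk-through: first exchange, then a replay of the same token.
[$token, $secret] = assignRequestToken($store, 'key');
$verifier = authorizeRequestToken($store, $token);
var_dump(isAuthorizedRequestToken($store, 'key', $token, $verifier));
var_dump(isAuthorizedRequestToken($store, 'key', $token, $verifier));
```

Run the signature check from the provider example first, so that only requests signed with the consumer secret and token secret ever reach `isAuthorizedRequestToken()`.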
» Dependencies » Links
  • HTTP_Request2
» Timeline » Changelog
  • First Draft: 2009-07-28
  • Proposal: 2009-07-29
  • Call for Votes: 2009-08-20
  • Jeff Hodsdon
    [2009-07-29 01:56 UTC]

    Switched example URL
  • Jeff Hodsdon
    [2009-08-03 23:55 UTC]

    Corrected typo calling HTTP_OAuth_Consumer::getAuthorizeUrl()
  • Jeff Hodsdon
    [2009-08-20 19:08 UTC]

    I removed the pecl_http dependency and added support for attaching PEAR Log classes to help debug.
  • Jeff Hodsdon
    [2009-08-20 19:33 UTC]

    Fixed typo in example