Hello, please sign in or register
You are here: Home

OAuth

Previously i wrote an article breaking down the Openid process into logical steps which a developer could use to understand the process.

Today i started working with Oauth, but its so simple i'm just going to post the code, which i'm using to get the user_id from twitter.

See Demo - click "Twitter"


<?php
/**
* This script makes a connection to an oauth server
* OAuth is an identity checking facility
* In this example we connect to the Oauth server at twitter
* And retireve values
*/

$oauths=array(
'twitter' => array(
'path' => "https://twitter.com/oauth/" . (!empty($_GET['oauth_token'])?'access_token':'request_token'),
'key' => '',
'login' => "https://twitter.com/oauth/authorize",
'secret'=> '',
),
);

// Make a request to the oauth server
if( $oauths[$_GET['openid']]
&& ( $r = file_get_contents( oauth_url( $oauths[$_GET['openid']],
(string)@$_GET['oauth_token'],
(string)@$_GET['oauth_verifier'] ) ) ) ){ // this will return a string
// Parse string, extract the variables.
parse_str(trim($r),$a);

r($a);

// If this is a redirect
if( empty($_GET['oauth_token']) && $a['oauth_token'] )
redirect($oauths[$_GET['openid']]['login'], array('oauth_token' => $a['oauth_token']));

// Change the Session
// Store as an openid, the path and ID number of the user
// This is just the way that i like to store my openid
if($a['user_id'])
r('Connected to '. parse_url($oauths[$_GET['openid']]['path'], PHP_URL_HOST) . ' Userid ' . $a['user_id']);
}


function oauth_url( $cred, $token='', $verify = ''){

$url = array(
'GET',
$cred['path'],
http_build_query( $a = array_filter( array( // order alphabetically
'oauth_callback' => (empty($token)?"http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']:NULL),
'oauth_consumer_key'=> $cred['key'],
'oauth_nonce' => md5(microtime().mt_rand()),
'oauth_signature_method'=> 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_token' => $token,
'oauth_verifier' => $verify,
'oauth_version' => '1.0',
)))
);
// Format url parmeters
foreach($url as &$o)
$o = str_replace(array('+','%7E'), array(' ','~'), rawurlencode($o));

// Find the oauth_signature based on the parameters we are passing.
$a['oauth_signature'] = base64_encode(
hash_hmac('sha1',
implode('&', $url),
implode('&', array($cred['secret'],$token)),
true));

return $cred['path'] . '?' . http_build_query($a);
}

function r(){
print "<pre>".htmlentities(print_r(func_get_args(),true))."</pre>";
}


function redirect($u,$p){
print "<a href='$u?". http_build_query($p) . "'>Login at $u</a> | ";
}

?>
<a href='?openid=twitter'>twitter</a> | <a href='?action=reset'>reset</a>


References


Comments

Awesome job
There is so many oauth code out there with 10 times the code and x10 times complexity. When I looked at this one, did not seem that it would work because it is way to short., but it did!. The down side is, twitter does not give access to user's emai...
Created 26/05/13
cmoutlet
s ralph lauren outlet Ray Ban Sunglasses,Ray Ban Outlet,Ray Ban Sale,Cheap Ray Bans,Cheap Ray Ban Sunglasses,ray ban sunglasses outlet,ray ban,rayb...
Created 21/10/15
oakleysunglasses
“I canada goose outlet think it doesn’t swarovski jewelry bode very
Created 21/01/16
oakleysunglasses
“I canada goose outlet think it doesn’t swarovski jewelry bode very
Created 21/01/16
linpingping
The michael--kors.org.uk next ralph lauren outlet day patriots jersey Mrs
Created 01/03/16
linpingping
The michael--kors.org.uk next ralph lauren outlet day patriots jersey Mrs
Created 01/03/16
clibin
Tyrion 5c cases watched her ray ban sunglasses read. His timber...
Created 18/04/16
chenyan
Bond grinned. pandora-bracciali.it "We bcbgmax.in.net only chaussure...
Created 15/06/16
wq123
This hilfiger outlet time swarovski jewelry something really timberland outlet strange, ...
Created 30/06/16
ninestab123
ninest123 One canada goose pas cher gucci outlet thing
Created 21/07/16
Title*
Comment

Prove you are not a robot

To prove you are not a robot, please type in the six character code you see in the picture below
Security confirmation codeI can't see this!
Contact
Name*
Email never shown*
Home Page

Author

Andrew Dodson
Since:Feb 2007

Comment | flag

Categories

Bookmark and Share