This code connection is taken from a Python script. Hit this for Oauth WRAP examples and crash course
CODE BABY!
<?php
/**
* This script makes a connection to a oauth_wrap server
* OAuth Wrap is an identity checking facility, which lets users grant access to external services, by assigning an access token.
* In this example we connect to the Oauth wrap server at friendfeed
*
* @author Andrew Dodson
* @since March 2010
*
*/
$oauths=array(
'friendfeed' => array(
'path' => "https://friendfeed.com/account/wrap/access_token",
'login' => 'https://friendfeed.com/account/wrap/authorize',
'key' => 'put-your-key-here',
'secret'=> 'put-your-secret-here',
),
);
if( ( $srv = @$oauths[@$_GET['service']] ) ){
// if this is the first time the user has connected
if(empty($_GET['wrap_verification_code'])){
// Redirect the user to the authenticating server to sign in.
redirect( $srv['login'], (array(
'wrap_client_id' => $srv['key'],
'wrap_callback' => "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
'wrap_client_only' => 'true'
)));
}
else{
// else check that the wrap_verification_code came from the server we're interrogating
r(file_get_contents( $srv['path'] . '?' . implode_with_key(array(
'wrap_client_id'=>$srv['key'],
'wrap_client_secret'=>$srv['secret'],
'wrap_callback' => urlencode("http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?service='.$_GET['service']),
'wrap_verification_code'=>urldecode($_GET['wrap_verification_code']),
))));
}
}
function r(){
print print_r(func_get_args(),true);
}
function redirect($u,$p){
print "<a href='$u?". http_build_query($p) . "'>Login at $u</a> | ";
}
function implode_with_key($a){
$r=array();
foreach($a as $k=>$o)
$r[] = $k.'='.$o;
return implode('&',$r);
}
// GUI
// PRINT ALL THE OAUTH SERVICES TO THE SCREEN
foreach($oauths as $k => $o){
print ' | <a href="'.$_SERVER['SCRIPT_NAME'].'?service='.$k.'">'.$k.'</a>';
}
?>
NOTE: I went through a bunch of pain trying to get this to work. For instance i couldn't use http_build_query, because it url-encoded the wrap_verification_code Replacing '|' with '%7C'... urrgh!
The result
We get two token's in a string ... that's right, count'em
wrap_refresh_token=127aa9c88dbbe56f6asd18d4159bd83af8ba71ce&wrap_access_token=da9898ae197a4a888bb8718e273a2625|b2318af163c646178b979as806067989
What you do with them depends on the authenticating server. And you'll need to be aware of what services they have etc...
Ok we've got the token's, now what?
Friendfeed, for example (at the time of writing no one else has this working), lets us grab a JSON of the users personables from the server.
file_get_contents("https://friendfeed-api.com/v2/validate?wrap_access_token=".$wrap_access_token);And the users microblogs...
file_get_contents("https://friendfeed-api.com/v2/feed/home?wrap_access_token=".$wrap_access_token);Questions
So i've got a few questions about this, mostly related to whether their is a client implementation. I.e. do i have to login twice for the client side authentication, if i want to use the Javascript API's and again for the server side... since the access code is only for server to server communication
The coverage
So Facebook and Microsoft have both announced support for this format to arrive in 2010. In part because their own bespoke delegation and authentication methods were a drag to implement... bring on standards.
Comments
VTuIJkcPt
I don't know who you wrote this for but you hleepd a brother out.
Created 08/08/11
UosqSvvkQFZJsbIfeA
K6iVKB fniyqkvqovmd
Created 09/08/11
kKqxjMzuNTBm
agQ1Tk , [url=http://djkhpfiumeff.com/]djkhpfiumeff[/url], [link=http://dvvocceddbeg.com/]dvvocceddbeg[/link], http://fxzuojkexcfy.com/
Created 09/08/11
CvrVfczwGicROlSTsY
VHEXHJ wnnkwmfqdloq
Created 11/08/11
CFwHiuORsRBoBeXO
eiOdN8 , [url=http://dchbpqlhhsks.com/]dchbpqlhhsks[/url], [link=http://cyztqmqkqfng.com/]cyztqmqkqfng[/link], http://piydyeatmksm.com/
Created 16/08/11
