Download to read offline
![<?php! ! $params = [! 'oauth_nonce' => $this->getNonce(),! ! 'oauth_callback' => $this->getCallback(),! ! 'oauth_signature_method' => $this->getSignatureMethod(),! ! 'oauth_timestamp' => time(),! ! 'oauth_consumer_key' => $this->getConsumerKey(),! ! 'oauth_token' => '',! ! 'oauth_version' => '1.0',! ];](https://image.slidesharecdn.com/introtooauthclients-141108152629-conversion-gate01/75/Intro-to-OAuth-43-2048.jpg)
![If you have an OAuth Verifier <?php! ! $params = [! 'oauth_nonce' => $this->getNonce(),! ! 'oauth_callback' => $this->getCallback(),! ! 'oauth_signature_method' => $this->getSignatureMethod(),! ! 'oauth_timestamp' => time(),! ! 'oauth_consumer_key' => $this->getConsumerKey(),! ! 'oauth_token' => '',! ! 'oauth_version' => ‘1.0',! ! ‘oauth_verifier’ => ‘xxxxxxxxx’! ];](https://image.slidesharecdn.com/introtooauthclients-141108152629-conversion-gate01/75/Intro-to-OAuth-44-2048.jpg)
![<?php! $httpMethod = 'POST';! $uri = ‘http://api.example.com/request_tokens';! ! $params = [! 'oauth_nonce' => $this->getNonce(),! 'oauth_callback' => $this->getCallback(),! 'oauth_signature_method' => $this->getSignatureMethod(),! 'oauth_timestamp' => time(),! ‘oauth_consumer_key' => $this->getConsumerKey(),! 'oauth_token' => ‘',! 'oauth_version' => '1.0',! ];! ! $tempArray = [];! ksort($params);! foreach($params as $key => $value) {! ! $tempArray[] = $key . '=' . rawurlencode($value);! }! ! $baseString = $httpMethod . '&';! $baseString .= rawurlencode($uri) . '&';! $baseString .= implode('&', $tempArray);](https://image.slidesharecdn.com/introtooauthclients-141108152629-conversion-gate01/75/Intro-to-OAuth-47-2048.jpg)
![$params = [! 'oauth_nonce' => $this->getNonce(),! ! 'oauth_callback' => $this->getCallback(),! ! 'oauth_signature_method' => $this->getSignatureMethod(),! ! 'oauth_timestamp' => time(),! ! 'oauth_consumer_key' => $this->getConsumerKey(),! ! 'oauth_token' => '',! ! 'oauth_version' => '1.0',! ];! ! $params[‘oauth_signature’] = $signature; You probably remember this array?](https://image.slidesharecdn.com/introtooauthclients-141108152629-conversion-gate01/75/Intro-to-OAuth-57-2048.jpg)
![We’ve seen similar code before… $header = “Authorization: OAuth “;! $tempArray = [];! ! foreach($params as $key => $value) {! $tempArray[] = $key . ‘=“‘. rawurlencode($value);! }! ! $header .= implode(‘,’, $tempArray);!](https://image.slidesharecdn.com/introtooauthclients-141108152629-conversion-gate01/75/Intro-to-OAuth-58-2048.jpg)
Intro to OAuth
- 1. Intro to OAuth Matt Frost @shrtwhitebldguy https://joind.in/12717
- 2. Who Am I? • Community Member • Author • OSS Contributor • Mentoring Proponent • Podcast co-host
- 3.
- 5.
- 6.
- 7.
- 8. So what you’resaying is…
- 9.
- 10. Tokens can bestolen though
- 11.
- 12.
- 13. There are differentversions
- 14. Technically OAuth 1is deprecated
- 15. Just like themysql extension You’re probably going to run into it at some point anyway….
- 16. So here’s theplan
- 18.
- 19. So we needtokens, right?
- 20.
- 21.
- 22.
- 23.
- 24.
- 25. Super simple right? https://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
- 26. Let’s break thisdown, eh?
- 28. You need anapplication
- 30. Request the temporarytokens
- 32. If you signedit right…
- 33. You’ll have temporary credentials
- 35. You now usethese to request Access Tokens
- 37. If you signthat request right…
- 38. You’ll have youractual Access Tokens!
- 39. You can storethem in a session or database and use them now!
- 40. Remember all thatsigning talk?
- 41. This is thehardest part…
- 42.
- 43. <?php! ! $params= [! 'oauth_nonce' => $this->getNonce(),! ! 'oauth_callback' => $this->getCallback(),! ! 'oauth_signature_method' => $this->getSignatureMethod(),! ! 'oauth_timestamp' => time(),! ! 'oauth_consumer_key' => $this->getConsumerKey(),! ! 'oauth_token' => '',! ! 'oauth_version' => '1.0',! ];
- 44. If you havean OAuth Verifier <?php! ! $params = [! 'oauth_nonce' => $this->getNonce(),! ! 'oauth_callback' => $this->getCallback(),! ! 'oauth_signature_method' => $this->getSignatureMethod(),! ! 'oauth_timestamp' => time(),! ! 'oauth_consumer_key' => $this->getConsumerKey(),! ! 'oauth_token' => '',! ! 'oauth_version' => ‘1.0',! ! ‘oauth_verifier’ => ‘xxxxxxxxx’! ];
- 45.
- 46. Let’s see howthis actually works
- 47. <?php! $httpMethod ='POST';! $uri = ‘http://api.example.com/request_tokens';! ! $params = [! 'oauth_nonce' => $this->getNonce(),! 'oauth_callback' => $this->getCallback(),! 'oauth_signature_method' => $this->getSignatureMethod(),! 'oauth_timestamp' => time(),! ‘oauth_consumer_key' => $this->getConsumerKey(),! 'oauth_token' => ‘',! 'oauth_version' => '1.0',! ];! ! $tempArray = [];! ksort($params);! foreach($params as $key => $value) {! ! $tempArray[] = $key . '=' . rawurlencode($value);! }! ! $baseString = $httpMethod . '&';! $baseString .= rawurlencode($uri) . '&';! $baseString .= implode('&', $tempArray);
- 48. Composite Key Thisis way easier…
- 49. Cram the 2secrets together…
- 50. $consumer_secret = 'VERYSECRETZ';! $access_secret = 'SUCHSECURITY';! ! $composite_key = rawurlencode($consumer_secret) .'&'. rawurlencode($access_secret);
- 51.
- 52. Here’s your signature! $signature = base64_encode(hash_hmac(! ! 'sha1',! ! $baseString,! ! $compositeKey,! ! true! ));
- 53. There are othersignature types but…
- 54.
- 56.
- 57. $params = [! 'oauth_nonce' => $this->getNonce(),! ! 'oauth_callback' => $this->getCallback(),! ! 'oauth_signature_method' => $this->getSignatureMethod(),! ! 'oauth_timestamp' => time(),! ! 'oauth_consumer_key' => $this->getConsumerKey(),! ! 'oauth_token' => '',! ! 'oauth_version' => '1.0',! ];! ! $params[‘oauth_signature’] = $signature; You probably remember this array?
- 58. We’ve seen similarcode before… $header = “Authorization: OAuth “;! $tempArray = [];! ! foreach($params as $key => $value) {! $tempArray[] = $key . ‘=“‘. rawurlencode($value);! }! ! $header .= implode(‘,’, $tempArray);!
- 59. This is thefinal result Authorization: OAuth oauth_consumer_key="xxxxxxxxx", oauth_nonce="fklj2324kljfksjf234k", oauth_signature="8xJAdrE00wGH21w87P 6N%2F8c0XZfeo%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1399488541", oauth_token="xxxxxxxxx", oauth_version="1.0"
- 60. Whew! That wassome work
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69. Authorization example - Foursquare
- 70.
- 71.
- 72.
- 73. https://foursquare.com/oauth2/access_token? client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET >&code=<CODE>&callback=http://oauth.dev/examples/ Foursquare/callback.php&grant_type=authorization_code
- 74. If you canuse this, you should
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 83. Important Note onScopes
- 84. Provides an ACLFramework
- 85.
- 86.
- 87. What can wedo with this?
- 88. Access data fromAPIs
- 89. Move Authentication Elsewhere a.k.a Single Sign On
- 90. So this workseverywhere right?
- 91.
- 92. Useful reading OAuth1 https://tools.ietf.org/html/rfc5849 OAuth 2 https://tools.ietf.org/html/rfc6749
- 93.