PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

PHP OAuth Provider: Request Tokens

Note: This article was originally published at Planet PHP on 20 May 2011.
Planet PHP
I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus' OAuth Provider post.

The consumer requests a request token (see my earlier post about consuming OAuth), and as a provider, we need to handle that request. In my example, I chose to pass the variables as GET parameters, but you could adapt this to handle POST variables or information contained in HTTP headers.

OAuth Provider Code



We have the same block of code called on every request where we're negotiating OAuth, and it looks like this:

$this-provider = new OAuthProvider();

// set names of functions to be called by the extension
$this-provider-consumerHandler(array($this,'lookupConsumer'));
$this-provider-timestampNonceHandler(
array($this,'timestampNonceChecker'));
$this-provider-tokenHandler(array($this,'tokenHandler'));

// no access token needed for this URL only
$this-provider-setRequestTokenPath('/v2/oauth/request_token');

// now check the request validity
$this-provider-checkOAuthRequest();
A

The setRequestTokenPath() function is more important than it looks. Set this to the path of your request token endpoint, this ensures that the checkOAuthRequest doesn't expect a valid access token to be supplied - because you haven't got one yet! This confused me at first, because I could request a request token and get one,

Truncated by Planet PHP, read more at the original (another 15412 bytes)