Rest icon indicating copy to clipboard operation
Rest copied to clipboard
verified publisher icon Respect

OAuth

Open wesleyvicthor opened this issue 13 years ago • 9 comments

What do you guys think about this API for an OAuth client ?

I was looking for something simple but I not found anything.

thoughts ? @nickl-

wesleyvicthor avatar Jan 22 '13 20:01 wesleyvicthor

I'm putting some thought on this but I'm not happy with any solution =/. We need to think of another use cases:

1 - Set an example with actual OAuth configuration. Some for Twitter (1.0a) or Facebook (2.0) just for us to get in touch with a real sample including even some API call to these services (no need to abstract that, just a file_get_contents with a stream_context_create). 2 - Explore use cases for when the user rejects the authorization, when it expires and so on. 3 - Try to use a single routine instead of two. The ->oauth could be a route though, but it needs to be named that way (oauthRoute for example, like we already have for exceptionRoute and errorRoute).

alganet avatar Jan 23 '13 12:01 alganet

Is there any improvments on this implementation?

tplessis avatar Mar 08 '13 08:03 tplessis

@tplessis the quickest way would be to start write the tests perhaps and start it as a pull request. That is ultimately the way to get participation and get things done.

I agree with @alganet that the current implementations are overly complicated and these can be obfuscated internally without exposing only a simple interface similar to basic auth. To be able to test the actually use cases we will need some tests or similar implementations to thrash around.

Wikipedia has a list of Oath service providers and the API versions they implemented.

Suggestions welcome...

nickl- avatar Mar 23 '13 21:03 nickl-

This seems to be a good library: http://hybridauth.sourceforge.net/

alganet avatar Apr 30 '13 11:04 alganet

Wow awesome list of features, talk about the kitchen sink of OAuth and then some.

@alganet are you suggesting we include this in Respect/Rest, seems a bit over the top.

Shouldn't we be considering something that would provide both client and server capabilities perhaps, Respect/Rest would equally benefit from being able to provide token based third party auth.

I had a look at quizlet/oauth2-php several months ago which was a fork off an older module (2 years plus) seems to be abandoned now as well. It does have 15 suggested pull requests open of the 21 issues accrued over a year which should say something, not sure what. Looking at the member forks it would seem FriendsOfSymfony/oauth2-php has done the most work since and has itself accrued 2 outstanding PRs. Perhaps it needs some TLC and panda loving? Beats starting from scratch...

nickl- avatar May 01 '13 03:05 nickl-

the core code sucks. :x I really do not like it. the use is cool, but the code... it is bad.

wesleyvicthor avatar May 02 '13 00:05 wesleyvicthor

Hi, I hate to bump a 3 year old issue but is there any update?

dylmye avatar Aug 19 '16 19:08 dylmye

Hi, I hate to bump a 3 year old issue but is there any update?

Not actually, the main problem is hot to plug it into the library without making it "bloated". I figure that what you want is to have something minimal configuration and that already works, right? What would be your use-case scenario and how do you want it to work?

augustohp avatar Aug 19 '16 20:08 augustohp

To be honest, I'm not too sure. In PHP I'm making a dashboard website and app, so I'm wanting to make an API to power both of them. The senario is a school/workplace type environment where users are accessing a dashboard over the internet. I want to make an API both the website and a app would use. I'm open to solutions. Thanks @augustohp :) (Ninja Edit: punctuate)

dylmye avatar Aug 20 '16 18:08 dylmye