4. How can you avoid this boring registration?
phpXperts 2011 Md. Rayhan Chowdhury | ray@raynux.com 4
5. Hybrid Authentication
Login with Facebook
Login with Google Account
Login with Windows Live
User
6. It has Benefits too
Hassle free login/registration
More website users
Successful Business
More money
You
7. There is also a bonus!
You have access to user's social data, friend base
8. Cool! But ....
Isn't it too complex?
Is there any standard?
How to implement?
9. Yes, there is a standard and it's so simple with
OAuth 2.0
10. What is OAuth?
Stands for Open Authorization
Before OAuth: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Flickr API, Amazon Web Services API, FacebookAuth
First introduced in 2006
Designed for API access delegation
11. OAuth 2.0
Next evolution of OAuth 1.0
Easy to implement
More flows to support desktop and mobile and living room devices
Not backward compatible with OAuth 1.0
12. OAuth 2.0 flows are
User-Agent Flow
Web Server Flow
Device Flow
Username and Password Flow
Client Credentials Flow
Assertion Flow
13. How does OAuth 2.0 work?
[Diagram: the web flow between the Resource Owner, the Client (your website), the Authorization Server and the Resource Server (Google). Message labels: Authorization Request, Authorization Code, Request Access Token, Access Token, Access Token, Protected Resource.]
14. Web Flow – Implementation
Register your app @ https://code.google.com/apis/console/b/0/
15. Web Flow – Get Authorization Code
Login with Google Account
https://accounts.google.com/o/oauth2/auth?client_id=...&response_type=code&redirect_uri=...&scope=...
http://mine2share.com/labs/oauth2/callback.php?code=authorization_code
16. Web Flow – Get Access Code
Now, from your redirect URI, make a POST request using cURL with the following parameters:
https://accounts.google.com/o/oauth2/token?client_id=...&client_secret=...&grant_type=authorization_code&code=..&redirect_uri=...
{
"access_token" : "...",
"expires_in" : 3600
}
17. Web Flow – Get Resource
Use the access_token to get granted resources
https://www.googleapis.com/oauth2/v1/userinfo?access_token=...
array (
'id' => '1150948574743835905',
'email' => 'faisal@bankinfobd.com',
'verified_email' => true,
'name' => 'Faisal Morshed',
'given_name' => 'Faisal',
'family_name' => 'Morshed',
)
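The web flow from slides 14 to 17, written out in plain PHP as an added example (it is not code from the talk or from the Oauth2Consumer class). It also sends a `state` value, which the slides do not show, so that callback.php only accepts an authorization code that answers a request this session started. Assumptions: the client ID, redirect URI, session key and function names are placeholders.

```php
<?php
// Added example. Endpoints are the ones on the slides; other values are placeholders.
const AUTH_URL     = 'https://accounts.google.com/o/oauth2/auth';
const TOKEN_URL    = 'https://accounts.google.com/o/oauth2/token';
const CLIENT_ID    = 'YOUR_CLIENT_ID';
const REDIRECT_URI = 'https://example.com/callback.php';

// connect.php: build the authorization request and remember its state value.
function buildAuthorizationUrl(array &$session, string $scope): string {
    $session['oauth2_state'] = bin2hex(random_bytes(16)); // unguessable, per login
    return AUTH_URL . '?' . http_build_query([
        'client_id'     => CLIENT_ID,
        'response_type' => 'code',
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => $scope,
        'state'         => $session['oauth2_state'],
    ]);
}

// callback.php: accept the code only if the redirect carries our state.
function extractAuthorizationCode(array &$session, array $query): string {
    $expected = $session['oauth2_state'] ?? '';
    unset($session['oauth2_state']); // single use
    $received = $query['state'] ?? '';
    if ($expected === '' || !is_string($received) || !hash_equals($expected, $received)) {
        throw new RuntimeException('state mismatch: callback not tied to this session');
    }
    if (!isset($query['code']) || !is_string($query['code'])) {
        throw new RuntimeException('callback carries no authorization code');
    }
    return $query['code'];
}

// callback.php: exchange the code server-side; the secret goes in the POST body.
function requestAccessToken(string $code, string $clientSecret): array {
    $ch = curl_init(TOKEN_URL);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Setting POSTFIELDS makes this a POST request.
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'client_id'  => CLIENT_ID, 'client_secret' => $clientSecret,
        'grant_type' => 'authorization_code',
        'code'       => $code, 'redirect_uri' => REDIRECT_URI,
    ]));
    $token = json_decode((string) curl_exec($ch), true);
    if (!is_array($token) || empty($token['access_token'])) {
        throw new RuntimeException('token endpoint returned no access_token');
    }
    return $token;
}
```

In connect.php, call session_start() and redirect to buildAuthorizationUrl($_SESSION, $scope); in callback.php, pass $_SESSION and $_GET to extractAuthorizationCode() before calling requestAccessToken().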
20. Step 1
Get user authorization
File: connect.php
Oauth2Consumer::getInstance('Facebook')->authorize();
21. Redirect to OAuth 2.0 end point
22. Step 2
Grab the Access Token
File: callback.php
$oauth2 = Oauth2Consumer::getInstance('Facebook');
$accessToken = $oauth2->getAccessToken();
Save this access token
23. Step 3
Use the API with Access Token
Set the access token
$oauth = Oauth2Consumer::getInstance('Facebook');
$oauth->setVariable('access_token', $accessToken);
Use the API as much as you want
$profile = $oauth->api('me');
$friends = $oauth->api('me/friendlists');
$albums = $oauth->api('me/albums');
24. Decide to Login or Register
Is the user new? Create an account first
Otherwise, log him/her in to your app
Keep the users and connections tables separate
Users (1) to (n) Connections
25. Socialize Your Application
Encourage users to add more connections
You have read/write access, so
Engage more
Respect user's opinion
Remember: never misuse
26. Who Supports OAuth 2.0
27. References
Google API:
Documentation: http://code.google.com/apis/accounts/docs/OAuth2.html
API Console: https://code.google.com/apis/console/b/0/
Facebook:
API Console: https://developers.facebook.com/apps
Documentation: https://developers.facebook.com/docs/authentication/
Windows Live:
API Console: https://manage.dev.live.com/
Documentation: http://msdn.microsoft.com/en-us/library/hh243647.aspx
OAuth 2.0:
http://tools.ietf.org/html/draft-ietf-oauth-v2-22
http://oauth.net/2/
Oauth2Consumer Class & Example:
http://raynux.com/ray/labs/projects/oauth2.zip
28. Question and Answer
Thank you