OAuth
Opened this issue · 9 comments
I'm putting some thought on this but I'm not happy with any solution =/. We need to think of another use cases:
1 - Set an example with actual OAuth configuration. Some for Twitter (1.0a) or Facebook (2.0) just for us to get in touch with a real sample including even some API call to these services (no need to abstract that, just a file_get_contents with a stream_context_create).
2 - Explore use cases for when the user rejects the authorization, when it expires and so on.
3 - Try to use a single routine instead of two. The ->oauth could be a route though, but it needs to be named that way (oauthRoute for example, like we already have for exceptionRoute and errorRoute).
Is there any improvments on this implementation?
@tplessis the quickest way would be to start write the tests perhaps and start it as a pull request. That is ultimately the way to get participation and get things done.
I agree with @alganet that the current implementations are overly complicated and these can be obfuscated internally without exposing only a simple interface similar to basic auth. To be able to test the actually use cases we will need some tests or similar implementations to thrash around.
Wikipedia has a list of Oath service providers and the API versions they implemented.
Suggestions welcome...
This seems to be a good library: http://hybridauth.sourceforge.net/
Wow awesome list of features, talk about the kitchen sink of OAuth and then some.
@alganet are you suggesting we include this in Respect/Rest, seems a bit over the top.
Shouldn't we be considering something that would provide both client and server capabilities perhaps, Respect/Rest would equally benefit from being able to provide token based third party auth.
I had a look at quizlet/oauth2-php several months ago which was a fork off an older module (2 years plus) seems to be abandoned now as well. It does have 15 suggested pull requests open of the 21 issues accrued over a year which should say something, not sure what. Looking at the member forks it would seem FriendsOfSymfony/oauth2-php has done the most work since and has itself accrued 2 outstanding PRs. Perhaps it needs some TLC and panda loving?
Beats starting from scratch...
the core code sucks. :x I really do not like it.
the use is cool, but the code... it is bad.
Hi, I hate to bump a 3 year old issue but is there any update?
Hi, I hate to bump a 3 year old issue but is there any update?
Not actually, the main problem is hot to plug it into the library without making it "bloated". I figure that what you want is to have something minimal configuration and that already works, right? What would be your use-case scenario and how do you want it to work?
To be honest, I'm not too sure. In PHP I'm making a dashboard website and app, so I'm wanting to make an API to power both of them. The senario is a school/workplace type environment where users are accessing a dashboard over the internet. I want to make an API both the website and a app would use. I'm open to solutions. Thanks @augustohp :)
(Ninja Edit: punctuate)