SlideShare a Scribd company logo

Using OAuth with PHP

David Ingram, profile picture
David Ingram

The document provides an overview of using OAuth with PHP, including the process for writing a consumer application and key steps like registering with a provider, obtaining request and access tokens, and making API requests. It highlights what OAuth does not do, such as providing server identity proof and confidentiality. The document also discusses considerations for being an OAuth provider, including design decisions and potential security threats.

TechnologySelf Improvement
1 of 76
Downloaded 90 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
Using OAuth with PHP Dave Ingram @dmi 4th November 2010
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Coming up • What is OAuth? • How do you write a Consumer in PHP? • What doesn’t OAuth do? • Thoughts on being a Provider
What is OAuth anyway?
A long time ago, in a website not far away. . .
Using OAuth with PHP
Using OAuth with PHP
Connect!
Connect! U:KittehLuvr P:hunter2
Connect! U:KittehLuvr P:hunter2 U:KittehLuvr P:hunter2
Connect! U:KittehLuvr P:hunter2 U:KittehLuvr P:hunter2
Connect! U:KittehLuvr P:hunter2 U:KittehLuvr P:hunter2 U:KittehLuvr P:hunter2
Connect! U:KittehLuvr P:hunter2 U:KittehLuvr P:hunter2 U:KittehLuvr P:hunter2 O HAI TWITTER LOOK AT MAH KITTEH LOL!
Full access
Full access Fragile
Full access Fragile Revoking is painful
YOU REVEAL YOUR USERNAME AND PASSWORD
YOUR USERNAME AND PASSWORD
Using OAuth with PHP
Who uses it?
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Using OAuth with PHP
Building a Consumer
To sign requests, you need: Consumer key Consumer secret (Unique per application) + Access token Access secret (Unique per application user)
Step 1: Register with the provider
I would like my OAuth application to consume your service please, Mr. Provider.
Certainly. I just need to take a few details from you, and we’ll be all set.
OK. Here you go.
Consumer key Consumer secret
Step 2: Write your application Step 3: ?????? Step 4: Profit!
Step 2: Write your application Step 3: ?????? Step 4: Profit!
User Consumer Provider User clicks connect
User Consumer Provider C C Ask provider for request token
User Consumer Provider C C R R Provider returns request token and request secret
User Consumer Provider C C R R R Redirect user to provider
User Consumer Provider C C R R R R User logs in/authorises app
User Consumer Provider C C R R R R V Provider redirects user back to app with verifier
User Consumer Provider C C R R R R V V User’s arrival with verifier notifies app
User Consumer Provider C C R R R R V V C C R R V App then exchanges request token for access token
User Consumer Provider C C R R R R V V C C R R V A A Provider returns access token and access secret
User Consumer Provider C C R R R R V V C C R R V A A C C A A App makes request on user’s behalf
Get request token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, );
Get request token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, ); // Fetch the request token $response = $o->getRequestToken( 'https://api.twitter.com/oauth/request_token' ); // Save for later exchange $_SESSION['req_token'] = $response['oauth_token']; $_SESSION['req_secret'] = $response['oauth_token_secret'];
Get request token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, ); // Fetch the request token $response = $o->getRequestToken( 'https://api.twitter.com/oauth/request_token' ); // Save for later exchange $_SESSION['req_token'] = $response['oauth_token']; $_SESSION['req_secret'] = $response['oauth_token_secret']; // Send user to provider's site header('Location: https://api.twitter.com/oauth/authorize'. '?oauth_token='.$response['oauth_token']);
Using OAuth with PHP
Get access token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1 ); // Sign requests with the request token $o->setToken($_SESSION['req_token'], $_SESSION['req_secret']);
Get access token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1 ); // Sign requests with the request token $o->setToken($_SESSION['req_token'], $_SESSION['req_secret']); // Exchange request for access token (verifier is automatic) $response = $o->getAccessToken( 'https://api.twitter.com/oauth/access_token' ); // Save access tokens for later use $current_user->saveTwitterTokens( $response['oauth_token'], $response['oauth_token_secret'], ); header('Location: /twitter-link-ok');
Access token Access secret
Make API requests // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1 ); // Sign requests with the access token $o->setToken( $current_user->getTwitterToken(), $current_user->getTwitterSecret() ); $args = array('status'=>'O HAI TWITTER LOOK AT MAH KITTEH LOL!'); $oauth->fetch( 'https://api.twitter.com/v1/statuses/update.json', $args, OAUTH_HTTP_METHOD_POST ); $json = json_decode($oauth->getLastResponse()); printf("Result: %sn", print_r($json, true));
What OAuth doesn’t do
No proof of server identity (use TLS)
No proof of server identity (use TLS) No confidentiality (use TLS/SSL)
No proof of server identity (use TLS) No confidentiality (use TLS/SSL) No open-source consumer
Thoughts on being a Provider
Very easy to be a Consumer
Very easy to be a Consumer Many design decisions to make as a Provider
Very easy to be a Consumer Many design decisions to make as a Provider A fair amount of work, and not always easy to change your mind
Very easy to be a Consumer Many design decisions to make as a Provider A fair amount of work, and not always easy to change your mind For example. . .
How large a range of timestamps do you allow?
How large a range of timestamps do you allow? What permission granularity do you provide?
How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets?
How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets? Do you identify actions as coming from particular consumers? (e.g. Twitter)
How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets? Do you identify actions as coming from particular consumers? (e.g. Twitter) What about attacks? Phishing, DoS, clickjacking, CSRF
How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets? Do you identify actions as coming from particular consumers? (e.g. Twitter) What about attacks? Phishing, DoS, clickjacking, CSRF Beware proxying/caching (use the right headers!)
Links OAuth Spec: http://oauth.net/ Intro/tutorial: http://hueniverse.com/ PECL extension: http://pecl.php.net/oauth/ Me: http://twitter.com/dmi http://www.dmi.me.uk/talks/ http://www.dmi.me.uk/code/php/ Slides: http://slideshare.net/ingramd

More Related Content

PDF
Implementing OAuth with PHP
Lorna Mitchell
 
KEY
OAuth using PHP5
Nurulazrad Murad
 
PDF
OAuth - Open API Authentication
leahculver
 
PDF
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
Antonio Sanso
 
PPTX
JWT Authentication with AngularJS
robertjd
 
PDF
Implementing OAuth
leahculver
 
PDF
Building an API Security Ecosystem
Prabath Siriwardena
 
ODP
Mohanraj - Securing Your Web Api With OAuth
fossmy
 
Implementing OAuth with PHP
Lorna Mitchell
 
OAuth using PHP5
Nurulazrad Murad
 
OAuth - Open API Authentication
leahculver
 
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
Antonio Sanso
 
JWT Authentication with AngularJS
robertjd
 
Implementing OAuth
leahculver
 
Building an API Security Ecosystem
Prabath Siriwardena
 
Mohanraj - Securing Your Web Api With OAuth
fossmy
 

What's hot (20)

PDF
Demystifying OAuth 2.0
Karl McGuinness
 
PPTX
REST Service Authetication with TLS & JWTs
Jon Todd
 
PPTX
Elegant Rest Design Webinar
Stormpath
 
PPTX
Making Sense of API Access Control
CA API Management
 
PPTX
Token Authentication for Java Applications
Stormpath
 
PDF
OAuth 2.0
Uwe Friedrichsen
 
PDF
Stateless authentication for microservices - GR8Conf 2015
Alvaro Sanchez-Mariscal
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
PPTX
An Introduction to OAuth2
Aaron Parecki
 
PPTX
Oauth 2.0 security
vinoth kumar
 
PPTX
The State of OAuth2
Aaron Parecki
 
PPTX
Secureyourrestapi 140530183606-phpapp02
Subhajit Bhuiya
 
PPTX
Build a Node.js Client for Your REST+JSON API
Stormpath
 
PPTX
OAuth2 + API Security
Amila Paranawithana
 
PPTX
Best Practices in Building an API Security Ecosystem
Prabath Siriwardena
 
PPTX
Single-Page-Application & REST security
Igor Bossenko
 
PPTX
REST API Design for JAX-RS And Jersey
Stormpath
 
ODP
OAuth2 - Introduction
Knoldus Inc.
 
PDF
Securing REST APIs
Claire Hunsaker
 
PPTX
An Introduction to OAuth 2
Aaron Parecki
 
Demystifying OAuth 2.0
Karl McGuinness
 
REST Service Authetication with TLS & JWTs
Jon Todd
 
Elegant Rest Design Webinar
Stormpath
 
Making Sense of API Access Control
CA API Management
 
Token Authentication for Java Applications
Stormpath
 
OAuth 2.0
Uwe Friedrichsen
 
Stateless authentication for microservices - GR8Conf 2015
Alvaro Sanchez-Mariscal
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
An Introduction to OAuth2
Aaron Parecki
 
Oauth 2.0 security
vinoth kumar
 
The State of OAuth2
Aaron Parecki
 
Secureyourrestapi 140530183606-phpapp02
Subhajit Bhuiya
 
Build a Node.js Client for Your REST+JSON API
Stormpath
 
OAuth2 + API Security
Amila Paranawithana
 
Best Practices in Building an API Security Ecosystem
Prabath Siriwardena
 
Single-Page-Application & REST security
Igor Bossenko
 
REST API Design for JAX-RS And Jersey
Stormpath
 
OAuth2 - Introduction
Knoldus Inc.
 
Securing REST APIs
Claire Hunsaker
 
An Introduction to OAuth 2
Aaron Parecki
 
Ad

Similar to Using OAuth with PHP (20)

PDF
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
apidays
 
PDF
Secure Webservices
Matthias Käppler
 
PDF
OAuth2 & OpenID Connect with Spring Security
Shuto Uwai
 
PDF
Twitter4R OAuth
Susan Potter
 
PDF
Stateless Microservice Security via JWT and MicroProfile - Mexico
Otávio Santana
 
PDF
Stateless Microservice Security via JWT and MicroProfile - ES
Otavio Santana
 
PDF
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Otávio Santana
 
PDF
The Many Flavors of OAuth - Understand Everything About OAuth2
Khor SoonHin
 
PPT
UserCentric Identity based Service Invocation
guestd5dde6
 
PDF
Deconstructing and Evolving REST security
Jonathan Gallimore
 
PDF
The Identity Problem of the Web and how to solve it
Bastian Hofmann
 
PDF
Some OAuth love
Nicolas Blanco
 
PDF
Patterns to Bring Enterprise and Social Identity to the Cloud
CA API Management
 
PDF
Integrating services with OAuth
Luca Mearelli
 
PDF
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
Cyber Security Alliance
 
PPTX
2023-May.pptx
mnaeemuetcs
 
KEY
Rails 3 and OAuth for Barcamp Tampa
Bryce Kerley
 
PDF
OAuth and OEmbed
leahculver
 
PDF
Oauth Nightmares Abstract OAuth Nightmares
Nino Ho
 
PPTX
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
APIdays Paris 2018 - Learning the OAuth Dance (Without Stepping on Anyone's T...
apidays
 
Secure Webservices
Matthias Käppler
 
OAuth2 & OpenID Connect with Spring Security
Shuto Uwai
 
Twitter4R OAuth
Susan Potter
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Otávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - ES
Otavio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Otávio Santana
 
The Many Flavors of OAuth - Understand Everything About OAuth2
Khor SoonHin
 
UserCentric Identity based Service Invocation
guestd5dde6
 
Deconstructing and Evolving REST security
Jonathan Gallimore
 
The Identity Problem of the Web and how to solve it
Bastian Hofmann
 
Some OAuth love
Nicolas Blanco
 
Patterns to Bring Enterprise and Social Identity to the Cloud
CA API Management
 
Integrating services with OAuth
Luca Mearelli
 
ASFWS 2012 - Contourner les conditions d’utilisation et l’API du service Twit...
Cyber Security Alliance
 
2023-May.pptx
mnaeemuetcs
 
Rails 3 and OAuth for Barcamp Tampa
Bryce Kerley
 
OAuth and OEmbed
leahculver
 
Oauth Nightmares Abstract OAuth Nightmares
Nino Ho
 
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
Ad

Recently uploaded (20)

PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Teaching material agriculture food technology
LiaRayya
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
A Presentation on Artificial Intelligence
memembruh336
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 

Using OAuth with PHP

  • 1. Using OAuth with PHP Dave Ingram @dmi 4th November 2010
  • 5. Coming up • What is OAuth? • How do you write a Consumer in PHP? • What doesn’t OAuth do? • Thoughts on being a Provider
  • 6. What is OAuth anyway?
  • 7. A long time ago, in a website not far away. . .
  • 19. YOU REVEAL YOUR USERNAME AND PASSWORD
  • 35. To sign requests, you need: Consumer key Consumer secret (Unique per application) + Access token Access secret (Unique per application user)
  • 36. Step 1: Register with the provider
  • 37. I would like my OAuth application to consume your service please, Mr. Provider.
  • 38. Certainly. I just need to take a few details from you, and we’ll be all set.
  • 41. Step 2: Write your application Step 3: ?????? Step 4: Profit!
  • 42. Step 2: Write your application Step 3: ?????? Step 4: Profit!
  • 43. User Consumer Provider User clicks connect
  • 44. User Consumer Provider C C Ask provider for request token
  • 45. User Consumer Provider C C R R Provider returns request token and request secret
  • 46. User Consumer Provider C C R R R Redirect user to provider
  • 47. User Consumer Provider C C R R R R User logs in/authorises app
  • 48. User Consumer Provider C C R R R R V Provider redirects user back to app with verifier
  • 49. User Consumer Provider C C R R R R V V User’s arrival with verifier notifies app
  • 50. User Consumer Provider C C R R R R V V C C R R V App then exchanges request token for access token
  • 51. User Consumer Provider C C R R R R V V C C R R V A A Provider returns access token and access secret
  • 52. User Consumer Provider C C R R R R V V C C R R V A A C C A A App makes request on user’s behalf
  • 53. Get request token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, );
  • 54. Get request token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, ); // Fetch the request token $response = $o->getRequestToken( 'https://api.twitter.com/oauth/request_token' ); // Save for later exchange $_SESSION['req_token'] = $response['oauth_token']; $_SESSION['req_secret'] = $response['oauth_token_secret'];
  • 55. Get request token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, ); // Fetch the request token $response = $o->getRequestToken( 'https://api.twitter.com/oauth/request_token' ); // Save for later exchange $_SESSION['req_token'] = $response['oauth_token']; $_SESSION['req_secret'] = $response['oauth_token_secret']; // Send user to provider's site header('Location: https://api.twitter.com/oauth/authorize'. '?oauth_token='.$response['oauth_token']);
  • 57. Get access token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1 ); // Sign requests with the request token $o->setToken($_SESSION['req_token'], $_SESSION['req_secret']);
  • 58. Get access token // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1 ); // Sign requests with the request token $o->setToken($_SESSION['req_token'], $_SESSION['req_secret']); // Exchange request for access token (verifier is automatic) $response = $o->getAccessToken( 'https://api.twitter.com/oauth/access_token' ); // Save access tokens for later use $current_user->saveTwitterTokens( $response['oauth_token'], $response['oauth_token_secret'], ); header('Location: /twitter-link-ok');
  • 60. Make API requests // Create OAuth client object $o = new OAuth( MY_CONSUMER_KEY, MY_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1 ); // Sign requests with the access token $o->setToken( $current_user->getTwitterToken(), $current_user->getTwitterSecret() ); $args = array('status'=>'O HAI TWITTER LOOK AT MAH KITTEH LOL!'); $oauth->fetch( 'https://api.twitter.com/v1/statuses/update.json', $args, OAUTH_HTTP_METHOD_POST ); $json = json_decode($oauth->getLastResponse()); printf("Result: %sn", print_r($json, true));
  • 62. No proof of server identity (use TLS)
  • 63. No proof of server identity (use TLS) No confidentiality (use TLS/SSL)
  • 64. No proof of server identity (use TLS) No confidentiality (use TLS/SSL) No open-source consumer
  • 65. Thoughts on being a Provider
  • 66. Very easy to be a Consumer
  • 67. Very easy to be a Consumer Many design decisions to make as a Provider
  • 68. Very easy to be a Consumer Many design decisions to make as a Provider A fair amount of work, and not always easy to change your mind
  • 69. Very easy to be a Consumer Many design decisions to make as a Provider A fair amount of work, and not always easy to change your mind For example. . .
  • 70. How large a range of timestamps do you allow?
  • 71. How large a range of timestamps do you allow? What permission granularity do you provide?
  • 72. How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets?
  • 73. How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets? Do you identify actions as coming from particular consumers? (e.g. Twitter)
  • 74. How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets? Do you identify actions as coming from particular consumers? (e.g. Twitter) What about attacks? Phishing, DoS, clickjacking, CSRF
  • 75. How large a range of timestamps do you allow? What permission granularity do you provide? What format and length are tokens/secrets? Do you identify actions as coming from particular consumers? (e.g. Twitter) What about attacks? Phishing, DoS, clickjacking, CSRF Beware proxying/caching (use the right headers!)
  • 76. Links OAuth Spec: http://oauth.net/ Intro/tutorial: http://hueniverse.com/ PECL extension: http://pecl.php.net/oauth/ Me: http://twitter.com/dmi http://www.dmi.me.uk/talks/ http://www.dmi.me.uk/code/php/ Slides: http://slideshare.net/ingramd