Derek Jones edited this page Jul 5, 2012 · 8 revisions
Clone this wiki locally

Google Code: http://code.google.com/p/oauthr/

OAuthr is a flexible library that handles your OAuth requests using PHP's cURL library, it is built upon the RFC5849: Auth 1.0 Protocol. So far, OAuthr contains the following features:

- Automatically generates dynamic fields, such as 'nonce' and 'timestamp'. - Supports 'HMAC-SHA1', 'RSA-SHA1' and 'PLAINTEXT' as signature metods. - Signatures are generated by the library. - Fully customizable requests, you can add any parameters/cURL options you want set before the request is executed.


The config allows you to customize OAuthrs default settings used for requests. It is located at application/config/oauth.php. A blank config looks like this:

// Default parameters to be sent on each OAuth request
$config['oauthr_params'] = array('oauth_consumer_key'     => '',
                                 'oauth_signature_method' => '',
                                 'oauth_version'          => '1.0');

// Consumer secret used during building HMAC-SHA1 signatures.
// ** Required if you are using the HMAC-SHA1 signature method **
$config['oauthr_consumer_secret'] = '';

// Private key used during building RSA-SHA1 signatures.
// ** Required if you are using the RSA-SHA1 signature method **
$config['oauthr_private_key']     = '';

oauthr_params contains the default parameters that will be sent along with the request. You can add/remove parameters as you like, keep in mind though that according to OAuth standards, the three default parameters above are required for a valid OAuth request.

Note: oauth_signature_method only allows one of the following three values: 'HMAC-SHA1', 'RSA-SHA1' or 'PLAINTEXT'.

oauthr_consumer_secret is the secret provided by the receiver of the request (google, netflix etc.). A consumer secret is usually provided when registering for API access. You only need to set this if you are using the HMAC-SHA1 signature method, since it is used in it's signature method.

oauthr_private_key is your private key relating to a certificate on the receivers server. You only need to set this if you are using RSA-SHA1 as your signature method.

Using the library

OAuthr aims to be only as complex as the user wants. A request can be made in as little as 2 lines of code, but it can also be greatly customized before execution. Here is a basic example of using the library using just the default config settings:


$response = $this->oauthr->request('http://term.ie/oauth/example/request_token.php');

Simple as that! The response contains an array of information, for more info check the 'Response' segment below.

Besides the request method, the library offers 2 more methods that allows for customizing your request before it is executed. For the sake of convenience their examples have been split up, you are free however to use the two methods together in your own code.

» add_param($param, $val) { ... }

This method allows you to add/replace parameters to be sent along with your request. If you declare a parameter that is already defined, it is overwritten. Remember the 'oauth_version' => '1.0' parameter from the config? Declaring a new OAuth version will overwrite that current parameter. Like so:

$this->oauthr->add_param('oauth_version', '2.0');

// add_param also allows arrays as input! Like so:
$params = array('oauth_version' => '2.0',
                'somethingelse' => 'blah');


» add_opt($opt, $val) { ... }

This method allows you to add/replace cURL options that are set before a request. As with add_param, any options already defined are overwritten. One difference here though is that $opt should be a constant, not a variable. Like so:

$this->oauthr->add_opt(CURLOPT_BUFFERSIZE, 200); // This will work
$this->oauthr->add_opt('CURLOPT_BUFFERSIZE', 200); // This will NOT work!

// add_opt also allows arrays as input! Like so:
$opts = array(CURLOPT_BUFFERSIZE     => 200,
              CURLOPT_CONNECTTIMEOUT => 0);


» request($url, $method = 'POST') { ... }

One thing to note regarding the request method is that it by default uses the 'POST' HTTP method to transfer your request. If you wish to change it to 'GET', simply add that as your second parameter. Let's take a look at a more "complex" request:


$opts = array(CURLOPT_BUFFERSIZE     => 200,
              CURLOPT_CONNECTTIMEOUT => 0);


$params = array('oauth_version' => '2.0',
                'somethingelse' => 'blah');


$response = $this->oauthr->request('http://term.ie/oauth/example/request_token.php', 'GET');


Note here that we call the add_param and add_opt methods before the request method, as we obviously want these settings to apply before the request is made.


So far we've saved our request responses in a variable, well, what does it look like?. The request method returns an associative array consisting of 4 key/value pairs:
  • raw: The raw response from the server in string format.
  • curl_getinfo: An associative array containing information about the cURL request.
  • sent_params: An associative array containing all the parameters sent to the server (this would be oauth_version etc.).
  • signature_base_string: The string used for encoding your signature.

Installing the library

Download the OAuthr library from Google Code: http://code.google.com/p/oauthr/, and extract it into your application folder. Setup the config-file (oauthr.php) to your default settings.

Category:Libraries::Authorization Category:Libraries::Authentication Category:Contributions::Libraries::Authentication