uzyn edited this page Jun 7, 2012 · 14 revisions

Auth response is the PHP array resulting from successful authentication with Opauth.

Auth response is usually received by a designated Opauth callback (example) via session, POST or GET.

Auth response array format

  • auth (required) - A wrapper of auth response

    • provider (required) - The provider with which the user authenticated (e.g. 'Twitter' or 'Facebook')

    • uid (required) - An identifier unique to the given provider, such as a Twitter user ID.

    • info (required) - An array containing information about the user

      • name (required) - The best display name known to the strategy. Usually a concatenation of first and last name, but may also be an arbitrary designator or nickname for some strategies

      • email - The e-mail of the authenticating user. Should be provided if at all possible (but some sites such as Twitter do not provide this information)

      • nickname - The username of an authenticating user (such as your @-name from Twitter or GitHub account name)

      • first_name

      • last_name

      • location - The general location of the user, usually a city and state.

      • description - A short description of the authenticating user.

      • image - A URL representing a profile image of the authenticating user. Where possible, should be specified to a square, roughly 50x50 pixel image.

      • phone - The telephone number of the authenticating user (no formatting is enforced).

      • urls - An array containing key value pairs of an identifier for the website and its URL. For instance, an entry could be 'facebook' => 'http://facebook.com/uzyn.chua' or 'website' => 'http://gladlycode.com'

    • credentials - If the authenticating service provides some kind of access token or other credentials upon authentication, these are passed through here.

      • token - Supplied by OAuth and OAuth 2.0 providers, the access token.

      • secret - Supplied by OAuth providers, the access token secret.

    • raw - An array of all information gathered about a user. It should be converted to an array before returning to the user, e.g. with json_decode if it's in JSON. May repeat information from the above.

  • timestamp - Time (in ISO 8601 format) when this auth was prepared. Used as a security measure against security_timeout. See Security in Opauth for more info.

  • signature - A signature by Opauth to ensure that the enclosed data in this response is valid and unaltered. See Security in Opauth for more info.

Error response

Upon authentication error, Opauth sends the following auth response to callback_url.

  • error (required) - A wrapper of error response
    • provider (required) - The provider with which the user authenticated (e.g. 'Twitter' or 'Facebook')
    • code (required) - A short string or number representing the type of error encountered. Use the provider's error code if it is available, or make one up if it is not, e.g. access_token_error.
    • message (optional) - Error message, in plain English, describing the error.
    • raw - Any raw data obtained before the error occurred, e.g. data returned from the provider.
  • timestamp - Time (in ISO 8601 format) when this error response was prepared.

Note that no signature is generated for an error response.
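
A structural check of the two response shapes above, for use in a callback. This is an added example, not part of Opauth or of the original page. The helper name check_opauth_response() and the sample values are hypothetical, and treating a missing timestamp or signature as a problem is this example's assumption. It does not verify the signature itself.

```php
<?php
// Added example. check_opauth_response() is a hypothetical helper, not an Opauth API.
// Structure only: verifying the signature and timestamp (see "Security in Opauth")
// is still required before the data is trusted.
function check_opauth_response(array $response): array
{
    $problems = [];
    $require = function (array $data, array $keys, string $prefix) use (&$problems) {
        foreach ($keys as $key) {
            if (!isset($data[$key]) || $data[$key] === '' || $data[$key] === []) {
                $problems[] = "$prefix.$key is required";
            }
        }
    };

    if (array_key_exists('error', $response)) {
        // Error responses are unsigned: report them, never log the user in.
        $error = is_array($response['error']) ? $response['error'] : [];
        $require($error, ['provider', 'code'], 'error');
        return ['type' => 'error', 'problems' => $problems];
    }

    $auth = (isset($response['auth']) && is_array($response['auth'])) ? $response['auth'] : [];
    $require($auth, ['provider', 'uid', 'info'], 'auth');
    $info = (isset($auth['info']) && is_array($auth['info'])) ? $auth['info'] : [];
    $require($info, ['name'], 'auth.info');

    // Assumption of this example: a successful response without a timestamp
    // or signature cannot be validated later, so it is flagged here.
    foreach (['timestamp', 'signature'] as $key) {
        if (empty($response[$key]) || !is_string($response[$key])) {
            $problems[] = "$key is missing";
        }
    }
    return ['type' => 'auth', 'problems' => $problems];
}

// Constructed sample input (not real account data).
$sample = [
    'auth' => [
        'provider' => 'Twitter',
        'uid'      => '12345',
        'info'     => ['nickname' => 'example_user'], // name omitted on purpose
    ],
    'timestamp' => '2012-06-07T10:00:00+00:00',
    // signature omitted on purpose
];
print_r(check_opauth_response($sample));
```

An empty problems list means only that the array has the documented shape. The provider, uid and info values remain untrusted input until the signature and timestamp have been validated.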

Credits

Auth response of Opauth is modeled to be similar to OmniAuth's Auth hash but with some differences.