OAuth PHP library

Posted By: Jas Singh

Couple of weeks ago, I wrote a OAuth PHP library. I have been too lazy to post the code or write a blog about it. This post is an attempt to go over the code snippets for using the library. First of all, you need to get your hands at the OAuth PHP library.The library distribution consists of a folder named OAuth. This folder contains the core OAuth library. Other files in the distribution are index.php and callback.php. These files already contain all the code you need to get started. I will go over the code in a little bit. To get started, place all the files on your webserver. For sake of simplicity, let's assume you download all the files into your web root. Follow these steps:
  1. Open the AppConfig.php file inside the OAuth folder. This file contains configuration values specific to your application. You now need to fill in the values for the following variables:

    • consumer_key: This is the consumer key which you got from your Service Provider.
    • consumer_secret: This is the consumer secret which you got from your Service Provider.
    • base_url: This is the URL of the Service Provider.

    Next you will need to set some paths which will be used to request tokens:

    • requesttoken_path: This is the relative path to request a request token.
    • accesstoken_path: This is the relative path to request an access token.
    • auth_path: This is the path where the User will be redirected to so that he can authenticate himself with the Service Provider.
    • callbackURI: The URI to which the User's browser is redirected after the Service Provider validates the User's credentials. Assuming you uploaded the files into your web root, the callbackURI would be something like http://yourdomain.com/callback.php
  2. Open the index.php file. Assuming this is the first page a user will hit on your webserver, the following code will authenticate the User with the Service Provider.

    Create an instance of OAuthClient:

    $consumer_key = AppConfig::$consumer_key;
    		$consumer_secret = AppConfig::$consumer_secret;
    		$apiConsumer = new OAuthClient(AppConfig::$base_url, $consumer_key, $consumer_secret);
  3. When the authenticateUser call is made, the the User is taken to the Service Provider's site. The User will need to enter his credentials on this page. At this point, the User is authorizing the Consumer to access his data from the Service Provider. After the User authenticates with the Service Provider and grants permission for Consumer access, the Service Provider redirects the User's web browser to the callback URI (callbackURI which was set in AppConfig.php). The authenticated request token is appended to the callbackURI as a "oauth_token" parameter.

  4. Open callback.php page. On this page, the Consumer exchanges the Request Token for an Access Token capable of accessing the Protected Resources.

    $oauth_token = $_GET["oauth_token"];
    		$token_secret = $_GET["oauth_token_secret"];
    		$success = $apiConsumer->getAccessToken(

    If the above call is successful, you can retrieve the access token and token secret using the following methods.

    $access_token = $apiConsumer->getToken();
    		$token_secret = $apiConsumer->getTokenSecret();

    You need to store the access token and the token secret. You will require this to make calls for protected resources

  5. To make requests for protected resources:

    Set the content type depending upon the type of response you want returned. For example to get response in form of JSON:

    $getContentType = array("Accept: application/json");

    Make the call:

    $response = apiConsumer->doRequest(
    		  $requestUrl, $getContentType);

    For API calls requiring a POST:

    $postContentType = array("Accept: application/json",
    		"Content-type: application/json");

Posted In: API, Tips,

Bradford Hull said: on October 5, 2009 at 11:12 AM

This is a bit confusing to me; I doubt if I’m the only person who is doing what I’m doing, so this is probably also confusing other people.
I’m trying to write a simple ajax app to allow a user to look up an address or phone number for a person.  When I read this blog post, I have to guess that the Service Provider you’re talking about is Fellowship One, since our own service provider isn’t going to know or provide anything relative to this in any situation I can see.  So I will wait and see if I eventually get a key; I waited a week and got an email requesting me to resubmit the confusing form with one value changed, so I did that last week.  I hope to hear back this week, and maybe I can start trying something.  I’m not sure why it takes so long, but I’m also not sure why 2/3 of the questions on the application for an API key were there.  I would love to know what scenario you guys are writing all this for, because it sure isn’t ours. This makes it exceedingly challenging/frustrating to do what should be pretty simple.

Bradford said: on October 7, 2009 at 09:15 AM

Yes, thank you, the API key did arrive.  I am sure the documentation that’s already there will suffice for my needs, along with Jas’s nice php modules.

Commenting is not available in this channel entry.


Previous Posts:

Subscribe to the RSS feed!