I have been struggling to find an active open-source PHP project that supports OAuth 2.0 as a server. There are tons of client examples that connect to Facebook, Twitter, etc. but as more and more people want to expose their own services through an API I'm a bit surprised the open source community hasn't addressed this need already. It's not that there is nothing but what's there is mostly out-of-date, little-to-no documentation, and very little to no activity in terms of current development and conversation.
Am I missing a good open-source option out there? Does anyone know of any commercial options? I really need to get something in place soonish and I personally don't have the bandwidth or security credentials to tackle this problem myself.
After much searching around I believe I have found the best solution for PHP'ers out there. Opinions are a dime a dozen but here's my favourite:
http://bshaffer.github.io/oauth2-server-php-docs/
Very active, high quality conversation and a solid product along with good (and improving) documentation.
Here is the list of available server and client libraries:
http://oauth.net/2/
which leads to a github project which is maintained.
oauth2 server by php league is much more followed and downloaded project on github. My personal experience has been awesome and the best part is it's documentation. Excellent implementation of oauth2.
According to http://www.zimuel.it/oauth2-apigility/ & http://apigility.org/documentation/auth/authentication-oauth2
You now can implement OAuth 2.0 Server using the open source project Apigility, with Brent Shaffer's implementation underneath...
in the end...
The OAuth2 implementation in Apigility uses the oauth2-server-php
library by Brent Shaffer. Apigility uses a PDO database to store all
the information related to the OAuth2 protocol. You can create your
database using the schema reported in the file
/vendor/zfcampus/zf-oauth2/data/db_oauth2.sql under your Apigility
installation folder (zf-apigility-skeleton).
Related
My question is rather simple. Is there a system for CodeIgniter that allows both local and 3rd party login? (Such as FB/Twitter/Google etc.)
I've tried A3M but it's hard to use and requires tinkering before it will even work out of the box, as is the case with outdated software.
My current solution is flexi auth, however it doesn't offer 3rd party login at all, and after an email to the developer it doesn't look like he's planning on integrating it anytime soon.
So does anyone know of a good system that is up-to-date and provides both 3rd party and local login?
If there isn't one, what other PHP framework does have such a package?
Edit for Clarity: I'm looking for a system that does both these things. While I appreciate the answers and comments with systems that I can integrate myself, the end result of that will be shaky at best. There's gotta be someone who's done this before, all integrated into one package so it's designed to work together.
I was also looking for something like this just a month ago, but unsuccessfully. The only framework that has it all integrated in a simple way that I have seen is meteor, but it is not a PHP framework.
I had to do it myself by wrapping different PHP libraries in CI libraries. The source code is on github: CI Twitter and Who You Meet (a live web app), that has Twitter, LinkedIn and Facebook authentication and also a lot of local authentication logic with email verification and password recovery.
I know it can be considered a shameless promotion, but I hope it is useful. Although it is not exactly what you are looking for, it seems to be rather stable, so feel free to re-use it.
Maybe you will have time to extract all this logic in a standalone library (like I did for twitter) for other folks to use :)
If you want a CI OAuth2 implementation you can use this library which is both client and server:
https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server
Otherwise for OpenID use this library:
https://github.com/EllisLab/CodeIgniter/wiki/OpenID
I am trying to find a tutorial on how to build an oAuth2 Provider with PHP. I googled about it and no results came up. Exists out there any guides on how to do this? Or something like a library that can help me implement an oAuth2 Service Provider with PHP?
https://github.com/bshaffer/oauth2-server-php this will be helpfull for you to get idea.
I've been looking for the same thing for a while now, but I haven't found much. oAuth2 is still in draft. The current version as of this writing is 30.
The best things I'v found are a Google Code project that supports version 9 of the spec, which could be fairly outdated. You can find that project here.
I have also found this article on how to write it yourself, though I haven't looked at the post in sometime - How to write a complete OAuth Provider in PHP5.
It looks like there is some movement with the Zend Framework 2 which looks hopeful. It looks like an RFC was in June, 2012: RFC - OAuth 2.0
I'm certainly anxious for something to use myself.
Similar questions have been asked as well for reference which include the links to projects referenced above:
Set up a PHP OAuth Provider
Are there OAuth 2 server side PHP or Java implementations?
Hope that helps!
Anyone find/use/recommend an oAuth2 provider library/class?
Is there some code out there (under BSD or similar license preferably) that implements provider support for OAuth without needing PECL OAuth extension? Zend Framework's Zend_Oauth is pretty good, but it is only the consumer side. So I wonder if there's something like that but for doing the other side (i.e. making OAuth server).
Note that I'm not looking for how to do that with pecl/oauth - this I already have, see for example, Set up a PHP OAuth Provider - but unfortunately not all people can install PECL extensions, so I'm looking for some solution that would reduce requirements.
Have you taken a look at http://pear.php.net/package/HTTP_OAuth/?
I've ended up making some implementation for Oauth provider for Zend Framework, which can be seen here: https://github.com/smalyshev/Zend_OAuth_Provider
I'll improve it if time permits but it works for me right now.
I need a php lib that can auth using OpenID against sites offering this service, like Google, Yahoo, Wordpress, etc...
Anyone used any lib that actuallly works? I've tryied a few but couldn't get any to auth against Google, Yahoo, or Wordpress.
I would highly recommend LightOpenID by Mewp. It comes with a great example and has no unusual dependencies (the only requirement you need to be aware of is that of the CURL PHP extension). It's entirely self-contained, it's only one file, and the code is very readable. There are more tasty details.
Zend.OpenID
With Zend Framework, you can simply use the Zend_OpenID component without having to use the MVC functionality or any configuration files that are not concerned with OpenID
phpOIDC implements both consumer and provider for OpenID connect.
OpenID connect is a new spec that was released in 2014 and is worth looking at.
About to start working on a social networking site, but I'd like to incorporate OpenID logins.
The JanRain plugin is packed in Debian, but seems flakey, and my brief interactions with it so far have not gone well. There's a bunch of others out there, but which ones are people using in production?
The OpenID Wiki has a great list of libraries available for PHP. Always begin your searches in the official documentation.
I have personally used and recommend EasyOpenId (requires PHP OpenID).
See PHP library for openID for a list of other PHP OpenID libraries.
I personally use the PEAR OpenID library.
I've used the Zend_OpenID library from the Zend Framework and had good success with that. Very easy to setup and very easy to use. Their documentation on it is pretty extensive as well and comes with some good code samples that should show you everything you need to know. I used this briefly on one of my sites I was working on and only removed it because users didn't like OpenID in general. But the implementation was quick and easy.
Zend Framework OpenID Documentation