I want oAuth verification process for a mobile application.For that i need to setup an oAuth server which listens to the requests and grant the access tokens.How do i set this up?I didnt found any relevant help on net.Please let me know.Also it will be good if it could be done using CakePHP
Regards
Himanshu Sharma
You would need an OAuth library for PHP that implements an OAuth service provider.
There are PECL and PEAR OAuth libraries, but my personal testimony is oauth-php as its simpler. I implemented both a server and client with it.
I cant comment on writing a service provider in Cake.
Updates based on OP's comments
Copy that directory to your PHP application to "install" it. You would need only CURL support from your host. There are no other prerequisites from the part of your host.
I did these steps to write an OAuth provider with oauth-php, do try these, google it and ask new questions when you get stuck.
read illustrated guides on how OAuth works
Studied relevant chapters from http://oauth.net/core/1.0a/ (try this order: 3,4, appendix,6 and 7 to start with)
read the example files included with the library, and see the how-tos in site's pages
hack those files and build it up your application
Related
I am new to GoogleAPIs and Laravel, I run a PHP web application on Laravel 8 in a virtual Linux environment. Socialite and Drive API was working fine and out of sudden it doesn't work anymore and always return connection refused error after long period of loading as follows:
GuzzleHttp\Exception\ConnectException
Connection refused for URI https://www.googleapis.com/oauth2/v4/token
I had tried to create a new credential with new refresh token and checked all the network settings, and always clear config cache and restart apache for all troubleshoots I have tested, yet the error still exists.
I would appreciate it much if anyone could enlighten me on what are the aspects I shall look into it.
There are multiple issues in this question.
First and foremost, you are sending your secret to a third party. This means that they are able to do any API calls as you (using your name and quotas). Even if they claim that they won't, they can. Please remove any secret you may have and create new ones.
As for the OAuth 2.0, you seem to be using an old URL. You should probably take a look into the official documentation for:
Using OAuth 2.0 to Access Google APIs for a basic explanation.
Using OAuth 2.0 for Web Server Applications for making a web and getting permissions to get/modify a user's data (can be yourself).
Using OAuth 2.0 for Server to Server Applications for using a service account to execute as one of the users on your organization, without the need of manually giving permission.
Also notice that there are PHP libraries officially supported by Google to make your life way easier. See the Drive API's PHP Quickstart.
I am trying to create an API to connect to ETSY and obtain orders information. They require authentication with OAuth.
I am looking for a script that can do the OAuth step relying on an external library, and not on a pre-installed server package, as ipage.com (my current host) does not have the OAuth package installed.
Not sure where you got that code from exactly, but the correct class you want to instantiate is \OAuth\OAuth1\Service\Etsy. Each service in the library has its own class.
You don't have to look at the individual implementations for connecting users with your app. We already have abstracted that part for you. The easiest way to get you started with the Etsy service is to copy the example.
You can add your key and secret here.
Once the user has approved your app you can start making requests to the service. An example of this can be found here.
From that point on you can simply make requests by doing $etsyService->request('/whatever/you/want/to/get') by choosing the correct path from http://www.etsy.com/developers/documentation.
Probably because etsy did not return a login_url
First, try print_r($req_token) - see if that provides anything useful (like an error message)
Failing that, if $req_token is false, you may want to see if your SSL libraries are up to par. Try a phpinfo(); and check the PHP error log to see if either (1) SSL is not supported for your PHP install or (2) there is an error with the SSL connection.
I am implemented In App Billing for android.I wanted to implement subscription validity checking through my backend server. As Google Play Documentation, for making call for Google Play API,need authentication using oauth 2.0.
I followed instructions for registering project and creating credentials. But from there I have no idea how to use those credentials, I tried authentication via CURL request, but it asking permission as shown in follwing image
This permissions works fine I can exchange code and get access token, but all this done by manually, how should I implement this on backend.
I even try to use google api php library provided by Google, but It adds confusion. Also they didn't provide any example, how to use library.
Can anybody elaborate how exactly use library or pure php?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.
Story is that I need to make my website act as Identity Provider (read: IDP). Website itself is on Zend platform. Idea is making a IDP controller by which Service Providers (read: SP) contacts IDP. As it must be part of the website, I would need to include some extension, which could be easily used for responding SAML requests from SP.
I have found list of PHP extensions from:
https://wiki.surfnetlabs.nl/display/OSP/RFC+-+OpenSAMLphp,+a+new+PHP+library+for+SAML+2.0+support
All of these extensions have little documentation or are too complex. For example I haven't found a way to use SimpleSamlPHP in my application and also extracting useful code out of it looks very time consuming (which I really don't have anymore). Also I find all of them hard to implement into website.
I have been googling and checking github for days now, trying to find easy way to use some library (right now I'm trying to implement Lasso, which seems reasonable, but unfortunately lacks good examples / information how to use it as IDP).
Any kind of criticism, ideas, help or tutorial/code examples would be useful.
I wrote a guide about how deploy on an open source software (Tiki-wiki) an IdP using simplesamlphp, and how to connect the IdP to google or salesforce. Take a look:
https://github.com/pitbulk/tiki-saml/blob/master/doc/tiki_wiki_as_idp.rst
SimpleSAMLphp seems intimidating at first but it can handle all the SAML responses for you.
Have you looked at creating custom authentication module - http://simplesamlphp.org/docs/stable/simplesamlphp-customauth
You can tie this module to your existing login mechanism pretty easily.
Check out PingFederate and the PHP Integration Kit from Ping Identity. Alternatively there is the Agentless Integration Kit (instead of PHP) which allows you to integrate using a RESTful API call to the PingFed server instead of embedding any PHP libraries.
HTH,
Ian
I am trying to expose our APIs to the clients and users and I want to allow them to access it only in case when they authorize themselves from our database using Oauth 2.0. I am planning to write it in core PHP. I have done enough research to find it on web. I have seen few codes on http://oauth.net/code under PHP section, but still not able to setup it in running condition. Can someone tell me the exact procedure to setup it on windows xampp machine or any library that I can deploy it directly.