hybrid authentication - talking to major social networks

Hybrid Authentication - Talking to major social networks, by Md. Rayhan Chowdhury


Post on 10-May-2015




Page 1: Hybrid authentication - Talking To Major Social Networks

Hybrid Authentication - Talking to major social networks

Md. Rayhan Chowdhury

Page 2: Hybrid authentication - Talking To Major Social Networks

Md. Rayhan Chowdhury | [email protected] | phpXperts 2011

You have developed a Wow application, and you're sure everybody will like it.

Page 3: Hybrid authentication - Talking To Major Social Networks

Please register to taste our WOW service?

Okay, cool, will try later...

Page 4: Hybrid authentication - Talking To Major Social Networks


How can you avoid this boring

registration?

Page 5: Hybrid authentication - Talking To Major Social Networks


Hybrid Authentication

Login with Google Account

Login with Facebook

Login with Windows Live

User

Page 6: Hybrid authentication - Talking To Major Social Networks


It has Benefits too

Hassle free login/registration

More website users

Successful Business

More money

You

Page 7: Hybrid authentication - Talking To Major Social Networks


There is also a bonus!

You have access to user's social data, friend base

Page 8: Hybrid authentication - Talking To Major Social Networks

Cool! But ....

Isn't it too complex?

Is there any standard?

How to implement?

Page 9: Hybrid authentication - Talking To Major Social Networks

Yes, there is a standard, and it's so simple with OAuth 2.0.

Page 10: Hybrid authentication - Talking To Major Social Networks

What is OAuth?

Stands for Open Authorization

Before OAuth: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Flickr API, Amazon Web Services API, FacebookAuth

First introduced in 2006

Designed for API access delegation

Page 11: Hybrid authentication - Talking To Major Social Networks

OAuth 2.0

Next evolution of OAuth 1.0

Easy to implement (no per-request signing as in 1.0; the token is a bearer credential carried over TLS, so TLS is mandatory)

More flows to support desktop, mobile and living-room devices

Not backward compatible with OAuth 1.0

At the time of this talk (2011) OAuth 2.0 was still an IETF draft (the references point at draft 22); it was published as RFC 6749 in October 2012.

Page 12: Hybrid authentication - Talking To Major Social Networks

OAuth 2.0 flows are (draft-era names, with the RFC 6749 names in parentheses):

User-Agent Flow (Implicit grant)

Web Server Flow (Authorization Code grant; the one used in the rest of this talk)

Device Flow (dropped from RFC 6749, later standardised on its own as RFC 8628)

Username and Password Flow (Resource Owner Password Credentials grant)

Client Credentials Flow (Client Credentials grant)

Assertion Flow (the RFC 7521/7523 assertion grants)

The IETF's OAuth 2.0 Security Best Current Practice now discourages the implicit and password grants; for a website logging users in, the authorization-code flow is the one to use.

Page 13: Hybrid authentication - Talking To Major Social Networks

How does OAuth 2.0 work?

Four roles: the Client (your website), the Resource Owner (the user), the Authorization Server and the Resource Server (the last two are both Google in this example). The sequence is:

1. Client -> Resource Owner: Authorization Request
2. Resource Owner -> Client: Authorization Code (the grant)
3. Client -> Authorization Server: Request Access Token (code plus client credentials)
4. Authorization Server -> Client: Access Token
5. Client -> Resource Server: Access Token
6. Resource Server -> Client: Protected Resource

The access token is a bearer credential: whoever holds it can call the API as the user, so it is stored and transmitted with the same care as a password.

Page 14: Hybrid authentication - Talking To Major Social Networks


Web Flow – Implementation

Register your app @ https://code.google.com/apis/console/b/0/

Page 15: Hybrid authentication - Talking To Major Social Networks

Web Flow – Get Authorization Code

The "Login with Google Account" button sends the user to:

https://accounts.google.com/o/oauth2/auth?client_id=...&response_type=code&redirect_uri=...&scope=...

After consent, Google redirects the browser to the registered redirect_uri with the code:

http://mine2share.com/labs/oauth2/callback.php?code=authorization_code

Two things to add to the URL above: a state parameter (an unguessable value stored in the session and checked on the callback, so an attacker cannot make a victim's browser complete a login with the attacker's code), and an https redirect_uri, since the code travels in that redirect.

Page 16: Hybrid authentication - Talking To Major Social Networks

Web Flow – Get Access Token

Now, from your redirect URI, make a POST request with cURL to the token endpoint with the following parameters:

https://accounts.google.com/o/oauth2/token?client_id=...&client_secret=...&grant_type=authorization_code&code=..&redirect_uri=...

Send them as the form-encoded POST body rather than in the query string, so the client_secret and the code do not end up in proxy and web-server logs. The redirect_uri must be exactly the one used in the authorization request.

The response is JSON:

{"access_token" : "...",
 "expires_in" : 3600}

Google also returns "token_type": "Bearer", and may include a refresh_token.

Page 17: Hybrid authentication - Talking To Major Social Networks

Web Flow – Get Resource

Use the access_token to get the granted resources:

https://www.googleapis.com/oauth2/v1/userinfo?access_token=...

Better still, send it in the request header (Authorization: Bearer ...) so it stays out of URLs and logs. The response, decoded:

array (
  'id' => '1150948574743835905',
  'email' => '[email protected]',
  'verified_email' => true,
  'name' => 'Faisal Morshed',
  'given_name' => 'Faisal',
  'family_name' => 'Morshed',
)
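The three web-flow steps above (authorization URL, callback and token exchange, resource call) as one client-side implementation. This is an added example, not code from the talk or from the author's OAuth2Consumer class; it uses the Google endpoints on the slides but keeps network I/O out, returning the exact request each step would send so it can be run offline. The callback URL, session dict, client credentials, the code value and the token-endpoint reply in demo() are constructed. The piece the slides omit, the state parameter that ties a callback to the session that started the login, is included and exercised.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Google endpoints as given on the slides.
AUTHORIZE_URI = "https://accounts.google.com/o/oauth2/auth"
TOKEN_URI = "https://accounts.google.com/o/oauth2/token"
USERINFO_URI = "https://www.googleapis.com/oauth2/v1/userinfo"


class OAuth2WebFlow:
    """Client side of the authorization-code ("web server") flow; I/O left to the caller."""

    def __init__(self, client_id, client_secret, redirect_uri, scope):
        if not redirect_uri.startswith("https://"):
            raise ValueError("redirect_uri must use https: the code is delivered to it")
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.scope = redirect_uri, scope

    def authorization_url(self, session):
        """Step 1: URL to send the browser to; stores a fresh state in the session."""
        # state is an unguessable per-login nonce bound to this browser session. Without
        # it an attacker can drive the victim's browser to callback.php with the attacker's
        # code and log the victim into the attacker's account (login CSRF).
        state = secrets.token_urlsafe(32)
        session["oauth2_state"] = state
        params = {"client_id": self.client_id, "response_type": "code",
                  "redirect_uri": self.redirect_uri, "scope": self.scope, "state": state}
        return AUTHORIZE_URI + "?" + urlencode(params)

    def parse_callback(self, callback_url, session):
        """Step 2a: validate the redirect back to redirect_uri and return the code."""
        qs = parse_qs(urlsplit(callback_url).query)
        if "error" in qs:
            raise PermissionError("authorization denied: " + qs["error"][0])
        expected = session.pop("oauth2_state", None)  # single use, then gone
        received = qs.get("state", [""])[0]
        if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
            raise PermissionError("state mismatch: refusing injected code")
        if "code" not in qs:
            raise PermissionError("callback carries no authorization code")
        return qs["code"][0]

    def token_request(self, code):
        """Step 2b: (url, form body) for the POST to the token endpoint.
        Secret and code go in the body, not the query string, so they stay out of logs."""
        body = {"client_id": self.client_id, "client_secret": self.client_secret,
                "grant_type": "authorization_code", "code": code,
                "redirect_uri": self.redirect_uri}  # must equal the step-1 value exactly
        return TOKEN_URI, urlencode(body)

    @staticmethod
    def parse_token_response(raw_json):
        """Step 2c: check the JSON the token endpoint returned."""
        tok = json.loads(raw_json)
        if "access_token" not in tok:
            raise RuntimeError("token endpoint error: " + str(tok.get("error")))
        if tok.get("token_type", "Bearer").lower() != "bearer":
            raise RuntimeError("unexpected token_type: " + tok["token_type"])
        return tok

    @staticmethod
    def resource_request(access_token):
        """Step 3: (url, headers) for the userinfo call; bearer token in the header."""
        return USERINFO_URI, {"Authorization": "Bearer " + access_token}


def demo():
    """Walk the flow with constructed callback and token-endpoint messages."""
    flow = OAuth2WebFlow("your-client-id", "your-client-secret",
                         "https://yoursite/callback.php", "email")
    session = {}  # stands in for the PHP $_SESSION
    login_url = flow.authorization_url(session)
    state = session["oauth2_state"]
    # Constructed: the browser arriving back at callback.php after consent.
    code = flow.parse_callback(
        "https://yoursite/callback.php?code=4%2Fabc123&state=" + state, session)
    token_url, body = flow.token_request(code)
    # Constructed: the token endpoint's reply, in the shape shown on the slide.
    tok = OAuth2WebFlow.parse_token_response(
        '{"access_token": "ya29.example", "expires_in": 3600, "token_type": "Bearer"}')
    userinfo_url, headers = OAuth2WebFlow.resource_request(tok["access_token"])
    # A forged callback (wrong state) must be rejected, not turned into a login.
    flow.authorization_url(session)
    try:
        flow.parse_callback("https://yoursite/callback.php?code=evil&state=forged", session)
        forged_rejected = False
    except PermissionError:
        forged_rejected = True
    return {"login_url": login_url, "code": code, "token_url": token_url,
            "token_body": body, "access_token": tok["access_token"],
            "userinfo_url": userinfo_url, "headers": headers,
            "forged_rejected": forged_rejected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real callback.php the state check happens before anything else, and the token request is the only place the client_secret is ever sent; it never goes to the browser.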

Page 18: Hybrid authentication - Talking To Major Social Networks


How to implement?

Page 19: Hybrid authentication - Talking To Major Social Networks

File: config.php – configure the OAuth2Consumer class

OAuth2Consumer::getInstance('Facebook', array(
    'client_id'         => 'your-client-id',
    'client_secret'     => 'your-client-secret',
    'redirect_uri'      => 'http://yoursite/callback.php',
    'scope'             => 'email,read_stream',

    'base_uri'          => 'https://graph.facebook.com/',
    'authorize_uri'     => 'https://graph.facebook.com/oauth/authorize',
    'access_token_uri'  => 'https://graph.facebook.com/oauth/access_token',
));

The client_secret is what proves your server to Facebook: keep config.php out of the web root and out of version control, and register an https redirect_uri.

Page 20: Hybrid authentication - Talking To Major Social Networks

Step 1 – Get user authorization (File: connect.php)

Oauth2Consumer::getInstance('Facebook')->authorize();

Page 21: Hybrid authentication - Talking To Major Social Networks

Redirect to the OAuth 2.0 endpoint

Page 22: Hybrid authentication - Talking To Major Social Networks

Step 2 – Grab the Access Token (File: callback.php)

$oauth2 = Oauth2Consumer::getInstance('Facebook');
$accessToken = $oauth2->getAccessToken();

Save this access token server-side, against the user's connection record; it must never be exposed to the browser.

Page 23: Hybrid authentication - Talking To Major Social Networks

Step 3 – Use the API with the Access Token

Set the access token:

$oauth = Oauth2Consumer::getInstance('Facebook');
$oauth->setVariable('access_token', $accessToken);

Use the API as much as you want:

$profile = $oauth->api('me');
$friends = $oauth->api('me/friendlists');
$albums  = $oauth->api('me/albums');

Page 24: Hybrid authentication - Talking To Major Social Networks

Decide to Login or Register

User is new? Create an account first.

Otherwise, log him/her in to your app.

Keep the users and connections tables separate: Users (1) -> (n) Connections. One person can have several social connections, and each connection belongs to exactly one user.

Look users up by the provider's user id, not by email: emails change, may be unverified at the provider, and a provider that does not verify addresses lets an attacker sign up with someone else's email and take over an account that is matched on it.
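The login-or-register decision with the separate users and connections tables, as an added example (not the talk's PHP or the OAuth2Consumer class). It uses SQLite in memory; the schema, the Facebook and Windows Live ids and the email address are constructed, while the Google id is the one from the userinfo slide. It shows the identity key being (provider, provider_user_id), a returning user getting the same account with a refreshed token, a second provider with the same email not being merged automatically, and explicit linking of an extra connection to a logged-in user (slide 25's "add more connections").

```python
import sqlite3

# Constructed schema: one row per person in users, one row per social account in
# connections (1:n). A social account can belong to only one user (UNIQUE below).
SCHEMA = """
CREATE TABLE users (
    id    INTEGER PRIMARY KEY,
    name  TEXT NOT NULL,
    email TEXT
);
CREATE TABLE connections (
    id               INTEGER PRIMARY KEY,
    user_id          INTEGER NOT NULL REFERENCES users(id),
    provider         TEXT NOT NULL,
    provider_user_id TEXT NOT NULL,
    access_token     TEXT NOT NULL,
    UNIQUE (provider, provider_user_id)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def login_or_register(conn, provider, profile, access_token):
    """Return (user_id, created). Identity key is (provider, provider's user id), never email."""
    key = (provider, str(profile["id"]))
    row = conn.execute(
        "SELECT user_id FROM connections WHERE provider = ? AND provider_user_id = ?",
        key).fetchone()
    if row is not None:
        # Returning user: store the fresh token and log them in.
        conn.execute("UPDATE connections SET access_token = ? "
                     "WHERE provider = ? AND provider_user_id = ?", (access_token,) + key)
        conn.commit()
        return row[0], False
    # New user: create the account first, then the connection that points at it.
    cur = conn.execute("INSERT INTO users (name, email) VALUES (?, ?)",
                       (profile.get("name", ""), profile.get("email")))
    user_id = cur.lastrowid
    conn.execute("INSERT INTO connections (user_id, provider, provider_user_id, access_token) "
                 "VALUES (?, ?, ?, ?)", (user_id,) + key + (access_token,))
    conn.commit()
    return user_id, True


def link_connection(conn, user_id, provider, profile, access_token):
    """Attach another provider to a user who is already logged in to your app."""
    try:
        conn.execute("INSERT INTO connections (user_id, provider, provider_user_id, access_token) "
                     "VALUES (?, ?, ?, ?)", (user_id, provider, str(profile["id"]), access_token))
    except sqlite3.IntegrityError:
        # The UNIQUE constraint fired: that social account already belongs to someone.
        raise ValueError(f"{provider} account {profile['id']} is linked to another user") from None
    conn.commit()


def connections_of(conn, user_id):
    return [r[0] for r in conn.execute(
        "SELECT provider FROM connections WHERE user_id = ? ORDER BY provider", (user_id,))]


def demo():
    conn = open_db()
    # Google id from the userinfo slide; email and the other ids are constructed.
    google = {"id": "1150948574743835905", "name": "Faisal Morshed", "email": "faisal@example.com"}
    facebook = {"id": "100000123456", "name": "Faisal Morshed", "email": "faisal@example.com"}
    live = {"id": "abc-live-id", "name": "Faisal Morshed"}
    first = login_or_register(conn, "google", google, "ya29.first")
    again = login_or_register(conn, "google", google, "ya29.second")
    stored = conn.execute("SELECT access_token FROM connections WHERE user_id = ?",
                          (first[0],)).fetchone()[0]
    other = login_or_register(conn, "facebook", facebook, "fb.token")  # same email, new user
    link_connection(conn, first[0], "live", live, "live.token")        # explicit linking
    via_live = login_or_register(conn, "live", live, "live.token2")
    try:
        link_connection(conn, other[0], "live", live, "x")
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return {"first": first, "again": again, "stored": stored, "other": other,
            "via_live": via_live, "links": connections_of(conn, first[0]),
            "duplicate_rejected": duplicate_rejected}


if __name__ == "__main__":
    print(demo())
```

If you do want to offer "we found an existing account with this email, link it?", do it only after the user has authenticated to that existing account, and only when the provider reports the email as verified.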

Page 25: Hybrid authentication - Talking To Major Social Networks

Socialize Your Application

Encourage users to add more connections

You have read/write access, so engage more

Respect the user's opinion

Remember! Never misuse it

Page 26: Hybrid authentication - Talking To Major Social Networks

Who Supports OAuth 2.0

Page 27: Hybrid authentication - Talking To Major Social Networks

References

Google API
  Documentation: http://code.google.com/apis/accounts/docs/OAuth2.html
  API Console: https://code.google.com/apis/console/b/0/

Facebook
  API Console: https://developers.facebook.com/apps
  Documentation: https://developers.facebook.com/docs/authentication/

Windows Live
  API Console: https://manage.dev.live.com/
  Documentation: http://msdn.microsoft.com/en-us/library/hh243647.aspx

OAuth 2.0
  http://tools.ietf.org/html/draft-ietf-oauth-v2-22
  http://oauth.net/2/

Oauth2Consumer Class & Example
  http://raynux.com/ray/labs/projects/oauth2.zip

Page 28: Hybrid authentication - Talking To Major Social Networks

Question and Answer

Thank you