13. How Can the PHP OAuth Client Class Support New OAuth Servers
Updated on: 2022-02-17
Posted on: 2021-03-26
OAuth is a flexible protocol that allows accessing APIs on behalf of users of a given service.
Although OAuth is a standard, accessing a new OAuth server requires either writing custom code to access the respective API or configuring a generic OAuth client, like this PHP OAuth client class, to adapt its behaviour to that OAuth server using specific configuration values.
Read this article to learn how to support a new OAuth server just by adding a few lines to the JSON configuration file that this PHP OAuth client uses.



12. Faster PHP Social Login with a PHP OpenID Connect PHP Client
Updated on: 2017-04-09
Posted on: 2017-03-21
Many applications use OAuth to authenticate users using information retrieved from their social network accounts with their permission.
However, each social network requires an additional API call to retrieve those user details. That API call is specific to each network, so its URL and parameters vary.
OpenID Connect is an extension of the OAuth2 protocol that allows retrieving the user details without additional API calls.
Read this article to learn how it works and how you can benefit from OpenID Connect to get the user details faster without social network specific API calls.



11. Improving the Protection of your PHP OAuth Client Application Against User Account Leaks
Updated on: 2016-09-19
Posted on: 2016-09-19
When your application needs to call an API with tokens obtained using OAuth, stolen application OAuth credentials become a security problem that may cause you big headaches.
Read this tutorial to learn about good security practices to minimize the possible damage to your application if your developer user account details on the API site get stolen.



10. Is Your PHP Application Vulnerable to the HTTPoxy Security Exploit?
Updated on: 2016-07-21
Posted on: 2016-07-21
A security vulnerability called HTTPoxy was recently disclosed. It affects Web applications written in different languages and can be used to perform serious man-in-the-middle (MITM) attacks and disclose sensitive information.
Read this article to learn what the HTTPoxy vulnerability is and how to check if your Web applications are vulnerable.



9. Get Twitter Direct Message Images in PHP with the OAuth API
Updated on: 2015-12-10
Posted on: 2015-09-30
The Twitter API allows applications to access users' direct messages, but if you want to download images or other media associated with those direct messages, there is no specific API call to do so.
Direct messages are private, so there is no public URL to access the direct messages' images unless you use OAuth or are a real logged-in user accessing Twitter via a browser.
Read this article to learn how to download images that belong to direct messages using authenticated requests with this PHP OAuth client class.



7. How to Check if an OAuth Token is Valid?
Updated on: 2015-03-09
Posted on: 2015-03-09
Some Web applications need to show different information to users depending on whether they have authorized API access using OAuth and if the access token is still valid, like for instance showing a login button or not. Read this article to learn about solutions for this problem.



6. OAuth Pin Based Authorization for Twitter, LinkedIn, Imgur and Others
Updated on: 2015-01-18
Posted on: 2014-11-25
Some applications need to access OAuth based APIs, but since they are not based on regular Web browsers, they need to use an alternative method to obtain the user authorization.
Pin based authorization is a method used for instance by applications based on the command line, desktop applications, embedded systems, game consoles, and certain types of mobile apps.
Read this article to learn how the pin based OAuth authorization process works and how you can implement it in your applications using the PHP OAuth API class.



5. 4 Ways to Access an API using OAuth Without User Interaction - OAuth2 Automatic Login with Facebook, Google or Any Other API
Updated on: 2017-04-26
Posted on: 2014-11-10
OAuth is a protocol used to access APIs on behalf of a user, but the user does not need to be present when the API is accessed.
There are even ways that allow applications to access APIs using tokens obtained without any user intervention, thus allowing greater application automation.
Read this article to learn about several ways to access OAuth2 based APIs like Facebook, Google, Google Drive, Gmail, Blogger Blogspot, Twitter, Magento, Salesforce, etc. without the user being present.



4. Is Your OAuth 2.0 Application Secure?
Updated on: 2014-05-26
Posted on: 2014-05-26
Recently, a security vulnerability named Covert Redirect was discovered in certain implementations of the OAuth 2.0 protocol.
If you have a site that uses OAuth to access the APIs of other sites on behalf of your users, your site may be inadvertently helping attackers to steal your users' data.
Read this article to learn how to check if your application is vulnerable and what you can do to fix it.



3. Moving OAuth Server Configuration to Separate Files
Updated on: 2014-02-04
Posted on: 2014-02-04
As the OAuth class supports more and more servers, it is becoming too large. Moving the server configuration to separate files is necessary to keep the class more maintainable.
Read this article to learn how you can help to decide how the class will evolve in the future without breaking the applications that use it.


