Hello, please sign in or register
You are here: Home

OAUTH WRAP

OAuth WRAP (Web Resource Authentication Protocol) is an attempt to redefine the way in which web services grant access for another service to view and edit content on behalf of a user. An example of this is given in the micro blogging world, where you might want to propagate a message to a plethora of services like Facebook Wall, Twitter, etc....

This code connection is taken from a Python script. Hit this for Oauth WRAP examples and crash course


DEMO

Here's the friendfeed demo http://sandbox.knarly.com/oauth/wrap.php


CODE BABY!

<?php
/**
* This script makes a connection to a oauth_wrap server
* OAuth Wrap is an identity checking facility, which lets users grant access to external services, by assigning an access token.
* In this example we connect to the Oauth wrap server at friendfeed
*
* @author Andrew Dodson
* @since March 2010
*
*/

$oauths=array(
'friendfeed' => array(
'path' => "https://friendfeed.com/account/wrap/access_token",
'login' => 'https://friendfeed.com/account/wrap/authorize',
'key' => 'put-your-key-here',
'secret'=> 'put-your-secret-here',
),
);


if( ( $srv = @$oauths[@$_GET['service']] ) ){

// if this is the first time the user has connected
if(empty($_GET['wrap_verification_code'])){
// Redirect the user to the authenticating server to sign in.
redirect( $srv['login'], (array(
'wrap_client_id' => $srv['key'],
'wrap_callback' => "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
'wrap_client_only' => 'true'
)));

}
else{
// else check that the wrap_verification_code came from the server we're interrogating
r(file_get_contents( $srv['path'] . '?' . implode_with_key(array(
'wrap_client_id'=>$srv['key'],
'wrap_client_secret'=>$srv['secret'],
'wrap_callback' => urlencode("http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?service='.$_GET['service']),
'wrap_verification_code'=>urldecode($_GET['wrap_verification_code']),
))));
}
}

function r(){
print print_r(func_get_args(),true);
}


function redirect($u,$p){
print "<a href='$u?". http_build_query($p) . "'>Login at $u</a> | ";
}

function implode_with_key($a){
$r=array();
foreach($a as $k=>$o)
$r[] = $k.'='.$o;
return implode('&',$r);
}

// GUI
// PRINT ALL THE OAUTH SERVICES TO THE SCREEN
foreach($oauths as $k => $o){
print ' | <a href="'.$_SERVER['SCRIPT_NAME'].'?service='.$k.'">'.$k.'</a>';
}
?>

NOTE: I went through a bunch of pain trying to get this to work. For instance i couldn't use http_build_query, because it url-encoded the wrap_verification_code Replacing '|' with '%7C'... urrgh!

The result

We get two token's in a string ... that's right, count'em
wrap_refresh_token=127aa9c88dbbe56f6asd18d4159bd83af8ba71ce&wrap_access_token=da9898ae197a4a888bb8718e273a2625|b2318af163c646178b979as806067989

 What you do with them depends on the authenticating server. And you'll need to be aware of what services they have etc... 

Ok we've got the token's, now what?

Friendfeed, for example (at the time of writing no one else has this working), lets us grab a JSON of the users personables from the server.

file_get_contents("https://friendfeed-api.com/v2/validate?wrap_access_token=".$wrap_access_token);

And the users microblogs... 

file_get_contents("https://friendfeed-api.com/v2/feed/home?wrap_access_token=".$wrap_access_token);

Questions

So i've got a few questions about this, mostly related to whether their is a client implementation. I.e. do i have to login twice for the client side authentication, if i want to use the Javascript API's and again for the server side... since the access code is only for server to server communication

The coverage

So Facebook and Microsoft have both announced support for this format to arrive in 2010. In part because their own bespoke delegation and authentication methods were a drag to implement... bring on standards.


Comments

VTuIJkcPt
I don't know who you wrote this for but you hleepd a brother out.
Created 08/08/11
UosqSvvkQFZJsbIfeA
K6iVKB fniyqkvqovmd
Created 09/08/11
kKqxjMzuNTBm
agQ1Tk , [url=http://djkhpfiumeff.com/]djkhpfiumeff[/url], [link=http://dvvocceddbeg.com/]dvvocceddbeg[/link], http://fxzuojkexcfy.com/
Created 09/08/11
CvrVfczwGicROlSTsY
VHEXHJ wnnkwmfqdloq
Created 11/08/11
CFwHiuORsRBoBeXO
eiOdN8 , [url=http://dchbpqlhhsks.com/]dchbpqlhhsks[/url], [link=http://cyztqmqkqfng.com/]cyztqmqkqfng[/link], http://piydyeatmksm.com/
Created 16/08/11
Title*
Comment

Prove you are not a robot

To prove you are not a robot, please type in the six character code you see in the picture below
Security confirmation codeI can't see this!
Contact
Name*
Email never shown*
Home Page

Author

Andrew Dodson
Since:Feb 2007

Comment | flag

Categories

Bookmark and Share