A talk given at PHP London on 4th November 2010. This provides an introduction to OAuth and a simplistic PHP implementation of a consumer, as well as a few things to think about when creating a provider.
67-69. Very easy to be a Consumer
Many design decisions to make as a Provider
A fair amount of work, and not always easy to change your mind
For example. . .
71-75. How large a range of timestamps do you allow?
What permission granularity do you provide?
What format and length are tokens/secrets?
Do you identify actions as coming from particular consumers? (e.g. Twitter)
What about attacks? Phishing, DoS, clickjacking, CSRF
Beware proxying/caching (use the right headers!)
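Two of the provider-side decisions above (the timestamp window and the token format) worked through as an added example; this is not code from the talk, it is written in Python rather than the talk's PHP, and the 300-second window, the in-memory nonce store and the 24-byte token length are assumed values, not recommendations from the slides.

```python
# Added example, not from the talk: an OAuth 1.0 provider's checks on the
# oauth_timestamp / oauth_nonce parameters, plus token/secret generation.
import secrets
import time

TIMESTAMP_WINDOW = 300  # seconds of clock skew the provider tolerates (assumed)


def timestamp_ok(timestamp, now=None, window=TIMESTAMP_WINDOW):
    """oauth_timestamp is seconds since the epoch, sent as a string.
    Accept it only if it lies within +/- window of the provider's clock."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False  # non-numeric value: reject rather than guess
    return abs(now - ts) <= window


class NonceStore:
    """Remembers (consumer_key, token, timestamp, nonce) tuples so that a
    captured, correctly signed request cannot be replayed inside the window.
    In-memory here for illustration; a real provider would use shared storage."""

    def __init__(self, window=TIMESTAMP_WINDOW):
        self._seen = {}
        self._window = window

    def check_and_record(self, consumer_key, token, timestamp, nonce, now):
        # Drop entries older than the window: the timestamp check would reject
        # a replay of them anyway, so the store stays bounded in size.
        cutoff = now - self._window
        self._seen = {k: ts for k, ts in self._seen.items() if ts >= cutoff}
        key = (consumer_key, token, timestamp, nonce)
        if key in self._seen:
            return False
        self._seen[key] = timestamp
        return True


def validate_request(store, consumer_key, token, timestamp, nonce, now=None):
    """Returns 'ok', 'bad_timestamp' or 'replay' for one signed request."""
    now = time.time() if now is None else now
    if not timestamp_ok(timestamp, now):
        return "bad_timestamp"
    if not store.check_and_record(consumer_key, token, int(timestamp), nonce, now):
        return "replay"
    return "ok"


def new_token_pair(nbytes=24):
    """Token and secret drawn from the OS CSPRNG as URL-safe strings;
    length is a design choice (24 bytes gives 32 characters here)."""
    return secrets.token_urlsafe(nbytes), secrets.token_urlsafe(nbytes)
```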