Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Opauth - An introduction

Opauth - An introduction

For Singapore PHP User Group
May 22, 2012

U-Zyn Chua

May 22, 2012
Tweet

More Decks by U-Zyn Chua

Other Decks in Programming

Transcript

  1. http://opauth.org
    An Introduction
    Opauth

    View Slide

  2. http://opauth.org
    was released today!
    Opauth

    View Slide

  3. http://opauth.org
    U-Zyn Chua
    gladlyCode.com
    The premier web development firm

    View Slide

  4. http://opauth.org
    Anyone done auth?

    View Slide

  5. http://opauth.org
    What is Opauth?
    Opauth is a
    multi-provider
    authentication framework
    for PHP

    View Slide

  6. http://opauth.org
    What is Opauth?

    View Slide

  7. http://opauth.org
    Why Opauth?

    View Slide

  8. http://opauth.org
    Before Opauth
    RTFM for
    or...
    Deal with each one of them

    View Slide

  9. http://opauth.org
    Before Opauth
    Use an auth library
    Decisions:
    1. What PHP framework do I use?
    2. Which auth library works with my framework?
    (tens of them for each frameworks!)
    3. How is my data structured?
    DB? Cache?
    4. What if I want to extend?

    View Slide

  10. http://opauth.org
    Opauth
    Basic
    It does what it does best, and strictly nothing more
    Makes no assumptions
    Mind your own data
    Standards

    View Slide

  11. http://opauth.org
    Standards?
    Response format
    common data between providers
    Flow control
    Error handling
    You know what to expect!

    View Slide

  12. http://opauth.org
    Standards!
    Authentication standards
    among PHP applications
    benefit
    developers providers

    View Slide

  13. http://opauth.org
    How Opauth works?

    View Slide

  14. http://opauth.org
    Data flow
    PHP application
    Authentication
    providers
    standard proprietary or
    multiple standards

    View Slide

  15. http://opauth.org
    Transport
    Opauth is simple
    yet flexible!
    Opauth works cross-domain!
    Ruby frameworks have Rack
    We have HTTP!
    Session, GET, POST

    View Slide

  16. http://opauth.org
    Security
    HTTP transports are not safe!
    Opauth has security built-in
    Response are signed
    with well-designed scheme
    Timeout

    View Slide

  17. http://opauth.org
    Strategy
    A set of instructions
    that talks to
    respective authentication providers
    and relays the message
    back to Opauth

    View Slide

  18. http://opauth.org
    Auth response
    https://github.com/uzyn/opauth/wiki/Auth-response
    Returned results of Opauth
    successful
    or
    otherwise (error)

    View Slide

  19. http://opauth.org
    Demo

    View Slide

  20. http://opauth.org
    Make a strategy
    1. request()
    2. do magic
    3. prepare auth response
    4. callback()

    View Slide

  21. http://opauth.org
    Make a strategy
    Opauth provides
    HTTP transport library
    Uses basic common PHP functions
    no cURL!
    to not introduce unnecessary dependencies
    Server-side GET
    Server-side POST
    Client-side GET
    Client-side POST
    Include your own library, if you need

    View Slide

  22. http://opauth.org
    Contribute
    Plugins for PHP frameworks
    we have CakePHP & Yii now
    Tests
    Your words
    trainings, tutorials, screencasts
    Strategies

    View Slide

  23. http://opauth.org
    Questions?
    @uzyn
    [email protected]
    #opauth on Freenode

    View Slide