Other Configuration

Hi,
THis looks like the best library I have found thus far, and was looking for a bit of guidance.

How can I set up this oAuth library with the following API?

github.com/buzzdata/api-docs/blob/m ...

Thanks

Since there is no built-in support for this OAuth server, you need to configure some variables manually.

In this picture you have some example values of an application.

raw.github.com/buzzdata/api-docs/ma ...

You need to create yours and assign the class variables this way:

client_id <- Consumer key

client_secret <- Consumer secret

oauth_version = '2.0'

dialog_url = 'http://staging.buzzdata.com/oauth2/token'

access_token_url = 'http://staging.buzzdata.com/oauth2/token'

Thanks Manuel!

Although I had already made the configuration and had some success.

I am wondering how I can configure this library so that it stops to ask the user for access.
Currently this just gives me the token without authorizing it.

-Shane

By default the class uses session variables to store previously retrieved tokens. This can be changed by overriding a couple of functions in a sub-class if you need it.

So, as long as the user session is valid and the token did not expire, the class will no longer redirect the user to make him authorize again.

Also, some sites like for instance Facebook and others, do not show the dialog asking the user for authorization again if he previously authorized your application. So if the class redirects the user to the authorization page, the OAuth server will redirect the user back to you with a token with the granted authorization.

In this case the user can revoke access from the source site.

This only occurs the first time the user accepts, but if they revoke access, they can still go to the application without being asked to allow access again.

I would like for the users to be prompted if they revoke access, but this doesn't happen.

Any help would be appreciated.
Thanks

In that case you need to notify the user to provide permission by coming to the page where you make him go through the OAuth authorization process again.

This is what happens in the PHPClasses site when an user that authorizes the site application revokes the authorization later on the OAuth server site.

As I said the class uses PHP sessions by default to store access tokens. PHP sessions use cookies that expire when the user exits the browser. So next time the user comes to the site, the class will no longer have access to sessions that stored the access tokens. This will make the class go through the authorization process again.

In any case, I can add a function to invalidate access tokens just in case the user has not exited the browser after he revoked the authorization.

That would be awesome! And exactly the type of behaviour I'm looking for.

I understand that it stores the cookie, but the user can revoke access from the site at any time, and not just when closing the browser.

Could you let me know if/when you have implemented the function?

This API has made oAuth so much easier!

Shane

I have just added the function ResetAccessToken for that purpose. Just let me know if it solves the problem.

Hi Manuel,
It no longer has the token, but does not try to re-authorize the token.

It just returns the error Invalid 'OAuth Request', and since I enabled debug the php.log looks like :

[13-Nov-2012 12:43:48 UTC] OAuth client: The OAuth access token '<TOKEN>' is valid
[13-Nov-2012 12:43:48 UTC] OAuth client: The OAuth access token is of type bearer

Cheers,
Shane

After you call the ResetAccessToken the user needs to go through the authorization page again.