OAuth consumers for CakePHP

Consuming OAuth-enabled APIs with CakePHP

I currently provide two slightly different ways to consume OAuth-enabled APIs with CakePHP: a component and a consumer class. The consumer class emerged from the component and is a bit more flexible than the component.

Both classes require CakePHP 2.x (though the versions for the previous CakePHP 1.x are still available), and they use the (open source) PHP library for OAuth by Andy Smith. The classes are licensed under the MIT license.

OAuth consumer class

Download

(latest release: 2012-01-28, see also the changelog)

Or you can get it with: git clone git://github.com/cakebaker/oauth-consumer.git

If you are using CakePHP 1.x, please check out the cakephp_1.x branch.

Installation

Download the package
Extract the "Vendor/OAuth" directory to the "Vendor" directory of your application
Import the consumer class with App::import() (see below)

Example

This example performs the following steps:

Retrieve a request token from twitter
Redirect the user to twitter, where he has to authorize the request token
Exchange the request token for an access token
Use the (protected) API with the access token

Please note that in a real application you would store the access token (resp. its key and secret) in a database.

// Controller/ExampleController.php
App::import('Vendor', 'OAuth/OAuthClient'));

class ExampleController extends AppController {
    public function index() {
        $client = $this->createClient();
        $requestToken = $client->getRequestToken('https://api.twitter.com/oauth/request_token', 'http://' . $_SERVER['HTTP_HOST'] . '/example/callback');

        if ($requestToken) {
            $this->Session->write('twitter_request_token', $requestToken);
            $this->redirect('https://api.twitter.com/oauth/authorize?oauth_token=' . $requestToken->key);
        } else {
            // an error occured when obtaining a request token
        }
    }

    public function callback() {
        $requestToken = $this->Session->read('twitter_request_token');
        $client = $this->createClient();
        $accessToken = $client->getAccessToken('https://api.twitter.com/oauth/access_token', $requestToken);

        if ($accessToken) {
            $client->post($accessToken->key, $accessToken->secret, 'https://api.twitter.com/1/statuses/update.json', array('status' => 'hello world!'));
        }
    }

    private function createClient() {
        return new OAuthClient('YOUR_CONSUMER_KEY', 'YOUR_CONSUMER_SECRET');
    }
}

OAuth consumer component

Download

(latest release: 2012-01-28, see also the changelog)

Or you can get it with: git clone git://github.com/cakebaker/oauth-consumer-component.git

If you are using CakePHP 1.x, please check out the cakephp_1.x branch.

Installation

Download the package
Extract the "Controller/Component" directory to the "Controller/Component" directory of your application
Add the component to the $components array of your controller(s)

Example

The OAuth consumer component requires for each API you want to use a consumer class which is responsible to handle consumer key and consumer secret. You get those data when you register your application at the respective API provider (for this example you have to register your application at http://twitter.com/oauth).

// Controller/Component/OAuthConsumers/TwitterConsumer.php
class TwitterConsumer extends AbstractConsumer {
    public function __construct() {
        parent::__construct('YOUR_CONSUMER_KEY', 'YOUR_CONSUMER_SECRET');
    }
}

The main difference to the example with the OAuth consumer class is that you always have to provide the consumer name (in this example "Twitter").

// Controller/ExampleController.php
class ExampleController extends AppController {
    public $components = array('OAuthConsumer');

    public function index() {
        $requestToken = $this->OAuthConsumer->getRequestToken('Twitter', 'https://api.twitter.com/oauth/request_token', 'http://' . $_SERVER['HTTP_HOST'] . '/example/callback');

        if ($requestToken) {
            $this->Session->write('twitter_request_token', $requestToken);
            $this->redirect('https://api.twitter.com/oauth/authorize?oauth_token=' . $requestToken->key);
        } else {
            // an error occured when obtaining a request token
        }
    }

    public function callback() {
        $requestToken = $this->Session->read('twitter_request_token');
        $accessToken = $this->OAuthConsumer->getAccessToken('Twitter', 'https://api.twitter.com/oauth/access_token', $requestToken);

        if ($accessToken) {
            $this->OAuthConsumer->post('Twitter', $accessToken->key, $accessToken->secret, 'https://api.twitter.com/1/statuses/update.json', array('status' => 'hello world!'));
        }
    }
}

Questions? Feedback?

If you have questions, feedback, or you simply want to say "hi", contact me via Twitter (@dhofstet) or send me an email (daniel.hofstetter@42dh.com). Have fun :)