This module is not a end user product and doesn't provides anything by itself. It provides a base for all OAuth based modules and should be installed if the module you want to use depends on it.
This project is in an incubation phase. The raison d'etre for this project is to provide an extensible set platform quality API for the Drupal community to build upon.
Designed with a few goal is mind:
High-quality APIs take a lot of hard work to create. This module started the API design, specification, and review process as I started committing code to the source repository for other to contribute. This module is not intended to replace OAuth, but is more a good candidate for Drupal Core integration. (see #1148990: Add an oauth identity provider to core)
- Low footprint, lightweight, fast
- No modules dependencies
- Using PECL native OAuth extension. This pecl package is considered the de facto standard by Rasmus Lerdorf. That provides a known, non-Drupal-specific API (easier for new people coming to Drupal) as well as a very easy way for Sites With Root(tm) to speed up their Drupal site.
- Can be extended with any PHP Library by implementing the DrupalOAuthAdapter interface.
- Focus on providing a consistent framework for managing external identities to programmer instead of a end-user module.
- High integration with Drupal framework: Makes use of native Entities. An OAuth application is an entity, like node type, there is an application type: twitter, facebook, etc. Each new type can be defined via the field UI or by code. Because it extends the entity system, you gain the flexibility of fields, and you can easily extends and maintain your own representation of your application. (for instance if a provider needs an extra parameter in the base application, you can easily add a custom field for this specific provider).
- Provides a good base for any OAuth consumer and provider modules developer to create their own.
- Loose Coupling: Module is totally independant and make use of interface for dependency injection
- Fully implements 1.0a specifications
- Cross Site Request Forgery (CSRF) protection
With drupal 7 class registry, you don’t need to import any files to instantiate your OAuth objet, simply create it with your module name as a parameter and you’re done. This little snipet is a hook registered for a module 'twitter' handling authentication. The OAuth API module instanciate an oauth object for an application called 'twitter', by default use the application's type'.
<?php
/**
* Implements hook_oauth_info().
*/
function twitter_oauth_info() {
return array(
'twitter' => array(
'name' => t('Twitter'),
'base' => 'twitter',
'description' => 'Adds integration with the Twitter microblogging service.',
'version' => '1.0',
'token table' => array(
'token length' => 64,
),
),
);
}
/**
* Implements hook_oauth_authenticate; Starts a Twitter authentication.
*/
function twitter_oauth_authenticate(DrupalOAuthConsumer $oauth) {
// 1. Establish a requestToken.
$request = $oauth->getRequestToken('https://twitter.com/oauth/request_token');
// 2. Direct user to Service Twitter.
if (!is_null($request) && $request['oauth_callback_confirmed']) {
$authentication_url = 'https://twitter.com/oauth/authenticate';
header("Location: $authentication_url?oauth_token=" . $request['oauth_token'], TRUE, 302);
} else {
watchdog('twitter', $message, $variables)
}
}
/**
* Implements hook_oauth_callback; Process an OAuth response from Twitter.
*
* This function basically load the user who authorized our app. Then identify
* the user with its unique Twitter token, check for correspondance in the
* authmap, and create a new user if the ref does not match.
*
* Direct call to this function is protected by a code generated on request
* token call.
*/
function twitter_oauth_callback(DrupalOAuthConsumer $oauth) {
// 3. Request an accessToken from Twitter.
$access = $oauth->getAccessToken('https://twitter.com/oauth/access_token');
// 4. Finalize the login operations.
$oauth->authenticate($access['user_id'], $access);
}
?>
Some modules like Views, OAuth and so have so much code and dependencies to maintain that it takes time to port it to next Drupal platform. By keeping the base code small, we ensure that we can keep up to date with the last platform in a very reactive manner. Also, by controlling the component size, we make the module very dependable, as the number of potential bugs will be controlled.
Having installed PECL OAuth requires administrators right on the server, for people who can't have it installed an interface is provided to wrap any PHP Library, actually any PHP implementation can work as soon as the Adapter class implements DrupalOAuthClient interface. The use of such a pattern (Adapter) grants great flexibility for both users, and programmers; by allowing implementation of OAuth 2.0 specifications without changing the client code for instance.
Features
- One click login: great user experience with integrated third party.
- Administrative task on identities of a user (Create, Delete).
- Administrative UI to manage OAuth based application for a non-programmer user; viewing keys and secret, adding or removing access to applications in the backend. This is purely an utility as you be able to do it by code.
- Static IoC for the OAuth object. Granting both flexibility and performance over the library you want to use (native, or php).
Nothing else, its kept minimal on purpose.
Features to come
- Full test covering and assuring a small code base, for maintainability.
- Implementing OAuth Provider
Project information
- Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed. - Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Developer Tools, Integrations
- Created by Sylvain Lecoy on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.