Home > Development, Dokkeos, English, security, Techie > Making web services with OAuth: Just what we need

Making web services with OAuth: Just what we need

Reading PHP Architect’s November 2008 issue (and in particular the Google Gadgets article by Timothy Boronczyk), I remembered reading a name yesterday (on the Elgg.org features list) that I have seen very often and which I never  got to the bottom of: OAuth.

Well, today I decided that this ignorance was enough and that it was time to get there and see what it is… and it just happens to be exactly what we need in Dokeos to secure our web services! Isn’t that great?

OAuth, to quote the website, is:

[…] the standardization and combined wisdom of many well established industry protocols. It is similar to other protocols currently in use (Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API, etc). Each protocol provides a proprietary method for exchanging user credentials for an access token or ticker. OAuth was created by carefully studying each of these protocols and extracting the best practices and commonality that will allow new implementations as well as a smooth transition for existing services to support OAuth.

To complete this definition (for those who don’t know any of the aforementioned protocols), OAuth allows a web service client to get access to a web service (server) through a secure authentication method.

And guess what? They also have a set of libraries, which include a PHP library under the MIT License (thus compatible with GPLv2, the Dokeos’ license) which is in fact just a small PHP script that acts as a server (and another that acts as a client). Using OAuth, Dokeos will be able to provide web services to a selected public through a secure authentication process, or consume other webservices from external sources.

2009 is starting really well! Love it.

  1. Alfredo Barrientos
    October 7, 2009 at 11:13 am


    How can i consume Dokeos’Web Services from Visual Studio 2008? I create the Web Reference but i cant use any methods.

    Thanks in advanced,

    Alfredo Barrientos

    • ywarnier
      October 7, 2009 at 11:43 am

      Hi Alfredo,

      You have to use an authentication method based on the secret key found in the main/inc/conf/configuration.php of your Dokeos install. I believe the method for crafting the security key is explained in the sources of main/webservices/registration.soap.php. What errors do the web service give you (it should be all self-explanatory).

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: