Opauth: Multi-provider authentication framework for PHP, inspired by OmniAuth (opauth.org)

15 points by uzyn ↗ HN
Just released v0.1.0 today. https://github.com/uzyn/opauth

If you are familiar with OmniAuth for Ruby, Opauth basically does the same thing, except for PHP.

Gave a talk on it today at Singapore PHP User Group. My deck: https://speakerdeck.com/u/uzyn/p/opauth-an-introduction

Opauth is still very new and I still need to work on the documentations a lot, especially tutorials and the wiki.

17 comments

[ 3.1 ms ] story [ 54.3 ms ] thread
Just released v0.1.0 today. https://github.com/uzyn/opauth

If you are familiar with OmniAuth for Ruby, Opauth basically does the same thing, except for PHP.

Gave a talk on it today at Singapore PHP User Group. My deck: https://speakerdeck.com/u/uzyn/p/opauth-an-introduction

Opauth is still very new and I still need to work on the documentations a lot, especially tutorials and the wiki.

Excellent library - has lotsa potential!
Standardize interface for all OAuth providers. Extensible.
Not really just OAuth but it should work with even proprietary authentication providers as long as there is a compatible Opauth strategy for it.
Nice, is there a Wordpress plugin in the works? I'm sure that a lot of people would be interested in this.
That's definitely one of the top frameworks/CMS to support. I'll get on with it if no one has started when I'm done with CakePHP-Opauth and Opauth's documentations.
Awesome, thanks! I've been dying to switch off RPXnow :)
Thanks, this looks pretty awesome! Also posted it to r/php as well:

http://www.reddit.com/r/PHP/comments/tzil2/opauth_multiprovi...

Now to go play with it some more... :)

Thanks for cross-posting it at Reddit. I'm statix on Reddit and just left a comment at your post. :)
No prob :) And good job, this looks really useful!

A few months back I had to integrate the usual auth providers and was it ever a hunt to find the best scripts for it. I ended up with tmhOAuth for Twitter, LightOpenID for OpenID and Google, and handling Facebook somewhat manually. Will be seriously looking at this as a replacement, and for my next project too.

It's an interesting project, I have only one concern, it's how you throw errors, actually just echoing the error message with some html tags is not the best way to communicate with the developer. What would be great is to throw exceptions with an error message. But please, no more echo in a php library!
I really wish this was around 2 years ago when I made a site that used openid in PHP. I've dealt with so many nighmares of it I just threw it all away and now send people an email every time they want to log in. How do you deal with supporting every different little configuration of PHP servers? I had huge problems with having to put a hack into the code for lightopenid in order for it to work on my webhost, but that hack broke it on my machine.
I set a minimum requirement of Opauth Core to be PHP >= 5.2 (though technically it runs fine on >= 5.0) and tries as best as I could to not introduce any unnecessary dependencies, which is the reason why cURL isn't bundled and basic HTTP calls are made through get_file_contents(); and hashing is done through iterations of salted sha1() instead of bundling 3rd party encryption scheme.

Yes, file_get_contents() is not that great, but strategy developers can choose to require cURL if they want, just that Opauth Core doesn't require it.

I'm the developer of Requests (https://requests.ryanmccue.info/) which might be something for you to consider bundling with Opauth. There's a whole host of problems with using file_get_contents on various hosts, hence why cURL is so often used.
Thanks for that. Requests looks interesting. Opauth can consider bundling that to the core and replace my simple wrappers of file_get_contents().
file_get_contents() had huge problems working for me on my host. I think it was HTTPS, but I could be wrong.