Two Leg OAuth Authentication For Layar in PHP

Well, it took me like a few hours to get this to work, so I am sharing my solution in case anyone gets in the same place I was.

Initially, I should tell you that I tried php-oauth (http://code.google.com/p/oauth-php/) which is probably the most complete library I found for PHP, but too complicated for what I wanted to do.

I also tried the PECL extension of PHP (http://pecl.php.net/package/oauth), in which, in version 1.0.0, I was unable to get OAuthProvider to perform a Two Leg Authentication. (I think there might be a bug having to do with passing callback functions as arrays – part of the class.)

So eventually I found another OAuth library (http://oauth.googlecode.com/svn/code/php/OAuth.php) that I could get a super stripped down server to actually work (http://gist.github.com/360872).

Long story short, use this code in your layer to authenticate the Layar service:

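<?php
require_once 'OAuth.php';

// Consumer key and secret: set the same values here and in the Layar layer configuration
$key = 'xxxxxxxx';
$secret = 'xxxxxxxxx';

$consumer = new OAuthConsumer($key, $secret);
$signature = new OAuthSignatureMethod_HMAC_SHA1();
// The URL, scheme included, has to match the one the request was signed for
$request = new OAuthRequest( $_SERVER['REQUEST_METHOD'], 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] );

// Two-legged: there is no access token, so null is passed as the token.
// Stop on a missing or invalid signature.
if( !isset($_REQUEST['oauth_signature']) || !($valid = $signature->check_signature( $request, $consumer, null, $_REQUEST['oauth_signature'])) ) {
      exit;
}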
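
To see what that check does under the hood, here is an added example (my own sketch, not code from OAuth.php or from Layar) that verifies a two-legged HMAC-SHA1 signature by hand and also rejects stale timestamps. The host, key, secret, request parameters and the 300-second window are assumptions made up for the illustration, and nonce tracking is left out.

```php
<?php
// Added example, not from OAuth.php: two-legged OAuth 1.0 HMAC-SHA1 check.
// Simplification: assumes no parameter name appears twice.

function signature_base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);            // the signature is never part of what is signed
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[rawurlencode((string)$name)] = rawurlencode((string)$value);
    }
    ksort($pairs, SORT_STRING);                   // byte-order sort on the encoded names
    $joined = [];
    foreach ($pairs as $name => $value) {
        $joined[] = $name . '=' . $value;
    }
    $baseUrl = strtok($url, '?');                 // scheme, host and path only; the query is in $params
    return strtoupper($method) . '&' . rawurlencode($baseUrl) . '&' . rawurlencode(implode('&', $joined));
}

function sign(string $baseString, string $consumerSecret): string {
    // Key is "consumer_secret&token_secret"; two-legged means the token secret is empty.
    $key = rawurlencode($consumerSecret) . '&';
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

function verify(string $method, string $url, array $params, string $secret, int $now, int $maxSkew = 300): bool {
    if (!isset($params['oauth_signature'], $params['oauth_timestamp'])) {
        return false;                             // unsigned request
    }
    if (abs($now - (int)$params['oauth_timestamp']) > $maxSkew) {
        return false;                             // stale timestamp: likely a replayed request
    }
    $expected = sign(signature_base_string($method, $url, $params), $secret);
    return hash_equals($expected, (string)$params['oauth_signature']);   // constant-time compare
}

// Constructed sample request (hypothetical host, key, secret and parameters).
$secret = 'example-secret';
$url    = 'http://layer.example.com/pois.php';
$now    = 1270000000;
$params = ['lat' => '52.37', 'lon' => '4.89', 'oauth_consumer_key' => 'example-key',
           'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => (string)$now,
           'oauth_nonce' => 'abc123', 'oauth_version' => '1.0'];
$params['oauth_signature'] = sign(signature_base_string('GET', $url, $params), $secret);

var_dump(verify('GET', $url, $params, $secret, $now));                        // signed request
var_dump(verify('GET', $url, ['lat' => '0.00'] + $params, $secret, $now));    // tampered parameter
var_dump(verify('GET', $url, $params, $secret, $now + 3600));                 // replayed an hour later
```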

As mentioned by Rasmus in his really good tutorial on the PECL OAuth extension (http://toys.lerdorf.com/archives/55-Writing-an-OAuth-Provider-Service.html), a nice and pretty secure way to generate the secret/key pair for OAuth to use could be the following snippet:

<?php
 
$fp = fopen('/dev/urandom','rb');
$entropy = fread($fp, 32);
fclose($fp);
 
// in case /dev/urandom is reusing entropy from its pool, let's add a bit more entropy
$entropy .= uniqid(mt_rand(), true);
$hash = sha1($entropy);  // sha1 gives us a 40-byte hash
 
// The first 30 bytes should be plenty for the consumer_key
// We use the last 10 for the shared secret
 
print_r(array(substr($hash,0,30),substr($hash,30,10)));

I just wish someone at Layar mentioned somewhere that this is a “Two-Leg” authentication, for those of us who were not familiar with OAuth. It would have saved me a lot of time searching for the right answer :)

Posted in PHP.
