Don’t know the difference between a grant type and an auth code? Know the difference but not sure how to implement OAuth 2.0 in your own application? In this talk I’ll start with OAuth 2.0 basics, then jump into implementation details using The PHP League’s oauth2-server library.

Comments


Good, clear explanation by Ian, but there’s no escaping the fact that OAuth is fiendishly complicated.

Some more in-depth code examples would be nice; other than that, it was interesting to see the different types of auths.

Ian Littman (Speaker) at 13:19 on 25 Jan 2020

@Wesley yeah, code was there but ended up not having enough time to show it. Will work on getting smoother delivery so I can show the code rather than just saying "it's in the companion repo".

Jos Elstgeest at 14:24 on 25 Jan 2020

Love the depth and technical point of view. OAuth is a complicated beast.

Niels C at 10:24 on 27 Jan 2020

I was implementing the PHP League’s oauth2-server the week before the conference, so great timing for this talk!
I did find it was brought a bit dry; it is of course a rather technical topic. Maybe focus a bit more on the why or on a more A-Z scenario on adding auth to a PHP application?
When I was implementing the oauth-server, the grants and OAuth2 spec were quite clear, but I had a lot of questions about using sessions or not, how should I do this securely with a single-page application, how can I abstract Google/FB login behind my own authorization server, ...

Maybe once it was clear you can implement OAuth with "vanilla" JS and PHP, for the other grants and flows maybe only focus on the differences when showing the code examples?

Mentioning OpenID Connect was very interesting; I didn't know much about that and will definitely check it out.

A clear overview, well-structured & explained. Thank you.