Author Archives: lornajane

20 May
2011

PHP OAuth Provider: Request Tokens

I’ve been working with OAuth, as a provider and consumer, and there isn’t a lot of documentation around it for PHP at the moment so I thought I’d share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus’ OAuth Provider post.

The consumer requests a request token (see my earlier post about consuming OAuth), and as a provider, we need to handle that request. In my example, I chose to pass the variables as GET parameters, but you could adapt this to handle POST variables or information contained in HTTP headers.

OAuth Provider Code

We have the same block of code called on every request where we’re negotiating OAuth, and it looks like this:

$this->provider = new OAuthProvider();

// set names of functions to be called by the extension
$this->provider->consumerHandler(array($this,'lookupConsumer'));
$this->provider->timestampNonceHandler(
array($this,'timestampNonceChecker'));
$this->provider->tokenHandler(array($this,'tokenHandler'));

// no access token needed for this URL only
$this->provider->setRequestTokenPath('/v2/oauth/request_token');

// now check the request validity
$this->provider->checkOAuthRequest();

Continue reading

17 May
2011

A Prototype API for Joind.In

Following the principle of “release early, release often”, I put live a very early version of the v2 API for joind.in today (so that I can use it in another project!). I haven’t updated the documentation yet but in case anyone was thinking of consuming data from joind.in, this at least gives you an idea of the direction of the project so I thought I’d share.

Things you need to know:

  • The service is an HTTP Web Service. Meaning it’s RESTful apart from when it isn’t
  • The endpoint is here: http://api.joind.in
  • You can fetch data about events and talks (read-only) at this point
  • Formats available are HTML or JSON. The service will guess from your accept header but you can override it with ?format=json or ?format=html
  • If you need more columns than you get by default, you can add ?verbose=yes to your request
  • Pagination is available, with parameters resultsperpage (default 20, set to zero for no limits) and start (default zero)
  • The service supports OAuth1.0a, which isn’t useful at this point as we’re read-only but it will come into play as we add functionality

Examples

Events list: http://api.joind.in/v2/events

Information about DPC11: http://api.joind.in/v2/events/603

Talks at DPC11: http://api.joind.in/v2/events/603/talks

Your Thoughts

Comments are welcome on this post. Bugs and feature requests should go to http://joindin.jira.com, read more about Joind.in and its community at http://joind.in/about

12 May
2011

Idiot-Proof Deployment with Phing

disclaimer: I am not underestimating the universe’s ability to produce idiots, the point I’m trying to make is that I haven’t managed to make any deploy mistakes using this approach. Yet.

Once upon a time, a long time ago, I went onto a conference stage for the very first time and said that I thought I might be the world’s ditsiest PHP developer. I actually still think that is pretty true, and if you work with me then you will know that I mostly break and fix things in approximately equal measure. With this in mind, when I launched my own product recently (BiteStats, a thing to automatically email you a summary of your analytics stats every month), I knew that I would need a really robust way of deploying code. I’ve been doing a few different things for a few years, and I’ve often implemented these tools with or for other organisations, but I don’t have much code in production in my own right, weirdly. I decided Phing was the way to go, got it installed, and worked out what to do next.

Continue reading

10 May
2011

PHP OAuth Provider: Initial Requirements

I’ve been working with OAuth, as a provider and consumer, and there isn’t a lot of documentation around it for PHP at the moment so I’m sharing my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus’ OAuth Provider post.

OAuth Pages and Endpoints

OAuth has a little more baggage with it than just passing a username and password to an API. As well as your standard service endpoint you will need:
Continue reading

06 May
2011

Book Review: Confessions of a Public Speaker

I received “Confessions of a Public Speaker” as a gift this winter (you know who you are, thankyou!), and it’s been on my bookshelf waiting for me to have a reason to sit still long enough to read it. A series of long flights presented exactly that opportunity so I brought the book along to read, which was perfect as I was travelling to give a tutorial at the PHP Community Conference in Nashville.

My first observation was that although I thought this would be a pretty serious book, I was laughing! Not just smiling, but actually giggling on a fairly small plane of people doing the short hop over to Amsterdam. I saw a few people trying to read the cover to figure out what this great comedic tome would be :)

Continue reading

05 May
2011

Git Tip: What Did I Just Merge?

As a lead on an open source project, I spend a lot of time merging awesome contributions from our community into our main repo on github. Sadly, some of them are slightly less awesome (rarely but it does happen) and I sometimes need to unpick what happened to understand the problem and give good feedback. Since the project is hosted on Github, this means having some git tricks up my sleeve, and I thought I’d share.

I have the main repo cloned onto my local machine. Before I do anything, I fetch and merge from the origin and then push back to it, so I know my repo is in sync with the github one. Then I fetch the branch I want to merge – usually one that we’ve got a pull request for. To see what’s in the branch:

git log [branch] --not master

This is nice because it doesn’t show what’s in the master branch of this repo but missing from the incoming branch, it just shows me what’s new on this branch.

I can diff and merge at this point, but more than once I’ve merged and then wondered what changes I have in my repo that aren’t in the github one (this is where it is helpful to have fetched from the remote one first). I have the github repo mapped as “origin” as per the excellent documentation so I can just do:

git diff origin/master..HEAD

This shows me the differences that are in my current repo as compared to origin/master, which is the tip of the main repo shown at the version it was when I last fetched it. I particularly use this when I’ve merged someone’s changes in for testing and am wondering quite what was supposed to happen – sometimes just reading the diff beforehand isn’t enough, it’s only when I get the code merged I realise something unexpected is happening!

03 May
2011

New Netbook Feet

I have a small netbook that I use for events, which I’ve had for a few years and keep upgrading with various bits and pieces. This year, all the little rubber feet had dropped off so if you put it on a surface, it kind of slid around, which was annoying. It occurred to me that I’d bought some sugru at Maker Faire this year, so I broke it out and made new feet for my netbook (and a little keyboard where the same thing had happened)

Sugru Feet for Netbook

Sugru is like slightly toxic plasticene when you first get it out of the box, but it sets like strong rubber. In fact it was perfect for this, the finished feet feel securely attached and they’re slightly squishy so they absorb the shock of me typing or the issues of a slightly uneven surface. Perfect!

15 Apr
2011

Script for Database Patching at Deploy Time

I’ve written before about a simple way of patching database versions and there’s a much more comprehensive article from Harrie on TechPortal as well. I often find though that projects with patching strategies are missing the scripts to apply these automatically when the code is deployed, so I thought I’d share mine.

My current project (BiteStats, a simple report of your google analytics data) uses a basic system where there are numbered patches, and a patch_history table with a row for every patch that was run, showing the version number and a timestamp. When I deploy the code to production, I have a script that runs automatically to apply the patches.

Continue reading

12 Apr
2011

Invalid Protected Resource URL in Pecl_Oauth

I had a funny (funny weird, not funny haha) problem the other day when working with pecl_oauth in PHP to talk to a service. I’d gone through all the handshaking steps, got the acces token and was ready to start talking to the service itself. However when I tried to call OAuth::fetch, I got an error message:

Fatal error: Uncaught exception 'OAuthException' with message 'Invalid protected resource url, unable to generate signature base string'

There are two things to notice about this. The first one is that I should be catching exceptions thrown by this code :) The second is that I could see nothing wrong with my url, http://api.local. It turned out, after some experimentation, that what is missing here is a trailing slash, and if I supply http://api.local/, everything works perfectly nicely! I’m unclear if this is intended functionality or not, but if you see this error message and you’re requesting a URL with no path info, make sure you have a trailing slash.