<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>PHPDeveloper.org</title>
    <link>http://www.phpdeveloper.org</link>
    <description>Up-to-the Minute PHP News, views and community</description>
    <language>en-us</language>
    <pubDate>Tue, 21 May 2013 05:57:30 -0500</pubDate>
    <ttl>30</ttl>
    <item>
      <title><![CDATA[NetTuts.com: HTTP: The Protocol Every Web Developer Must Know - Part 2]]></title>
      <guid>http://www.phpdeveloper.org/news/19521</guid>
      <link>http://www.phpdeveloper.org/news/19521</link>
      <description><![CDATA[<p>
NetTuts.com has followed up their <a href="http://phpdeveloper.org/news/19433">previous article</a> covering some of the basics of the HTTP protocol with <a href="http://net.tutsplus.com/tutorials/tools-and-tips/http-the-protocol-every-web-developer-must-know-part-2">this new post</a>, part 2 of the series. They suggest that HTTP, the messaging format of the web, is the one protocol that every web developer should know.
</p>
<blockquote>
In my <a href="http://net.tutsplus.com/tutorials/tools-and-tips/http-the-protocol-every-web-developer-must-know-part-1/">previous article</a>, we covered some of HTTP's basics, such as the URL scheme, status codes and request/response headers. With that as our foundation, we will look at the finer aspects of HTTP, like connection handling, authentication and HTTP caching. These topics are fairly extensive, but we'll cover the most important bits.
</blockquote>
<p>
In this article, they talk about things like the HTTPS secure version of HTTP, server-side connection handling, identification/authorization and working with caching and cache control headers.
</p>
Link: http://net.tutsplus.com/tutorials/tools-and-tips/http-the-protocol-every-web-developer-must-know-part-2]]></description>
      <pubDate>Mon, 29 Apr 2013 15:07:21 -0500</pubDate>
    </item>
    <item>
      <title><![CDATA[Michael Kimsal: Why do no almost no web frameworks come with any authentication/authorization?]]></title>
      <guid>http://www.phpdeveloper.org/news/19221</guid>
      <link>http://www.phpdeveloper.org/news/19221</link>
      <description><![CDATA[<p>
In a new post to his site <i>Michael Kimsal</i> poses an interesting question about something he's noticed in several frameworks - and not just PHP ones: there seems to be a <a href="http://michaelkimsal.com/blog/why-do-no-almost-no-web-frameworks-come-with-any-authenticationauthorization-functionality/">lack of authentication/authorization functionality</a> coming bundled in.
</p>
<blockquote>
Why do almost no web frameworks provide any default authentication/authorization functionality, with default examples of best practices for common use cases.  The standard response I've gotten for years was/is "well, everyone's needs for authentication are different". No, they are not. A (very?) large majority of web applications (which is what most web frameworks are used to build), require some form of user login and authorization management, and often self-registration, dealing with lost passwords, etc.
</blockquote>
<p>
He points out that not having something well tested and relatively risk-free that a user can immediately deploy can introduce security holes, as a developer is "left to fend for themselves". He suggests that the "not everyone's the same" mentality that seems to go with authentication/authorization isn't as valid as once thought. He does point out that both <a href="http://symfony.com/">Symfony2</a> and <a href="http://framework.zend.com/">Zend Framework 2</a> come with ACL functionality, but no common user handling. He also mentions examples in a few tools used in other languages, like <a href="https://github.com/plataformatec/devise">Devise</a> in Ruby, <a href="http://grails.org/plugin/spring-security-core">Spring Security</a> in Grails and <a href="http://msdn.microsoft.com/en-us/library/yh26yfzy(v=vs.100).aspx">a membership system</a> in ASP.NET.
</p>]]></description>
      <pubDate>Fri, 22 Feb 2013 10:14:08 -0600</pubDate>
    </item>
    <item>
      <title><![CDATA[PHPBuilder.com: Oauth Authentication for Social Apps in PHP]]></title>
      <guid>http://www.phpdeveloper.org/news/19155</guid>
      <link>http://www.phpdeveloper.org/news/19155</link>
      <description><![CDATA[<p>
On PHPBuilder.com today there's a tutorial <a href="http://www.phpbuilder.com/articles/application-architecture/miscellaneous/oauth-authentication-for-social-apps-in-php.html">introducing you to OAuth</a> and how to use it in your PHP applications.
</p>
<blockquote>
Oauth is an open standard for authorization that allows secure authorization from web, mobile and desktop applications. This standard allows a third-party application to gain access to a HTTP service, i.e. it enables users to share their resources from one website with another website without having to give out their credentials (usually username and password). [...] Oauth authorization is carried out in 3 steps: obtain a request token, authorize request token and exchange request token for an access token.
</blockquote>
<p>
They introduce you to some of the basic concepts behind OAuth and how the process works (complete with a <a href="http://www.phpbuilder.com/imagesvr_ce/2463/Oauth-image001.png">handy graphic</a>). They then show how to use OAuth to connect to the Facebook API, first in JavaScript, then in PHP. This is followed by two other examples referencing popular social sites Twitter and Foursquare, hitting their APIs with simple authentication requests.
</p>]]></description>
      <pubDate>Fri, 08 Feb 2013 10:27:18 -0600</pubDate>
    </item>
    <item>
      <title><![CDATA[PHPMaster.com: Creating a PHP OAuth Server]]></title>
      <guid>http://www.phpdeveloper.org/news/18976</guid>
      <link>http://www.phpdeveloper.org/news/18976</link>
      <description><![CDATA[<p>
On PHPMaster.com today there's <a href="http://phpmaster.com/creating-a-php-oauth-server/">a new tutorial posted</a> about creating your own OAuth server in PHP using the <a href="http://code.google.com/p/oauth-php/">oauth-php package</a> to do the "heavy lifting".
</p>
<blockquote>
If you've ever integrated with another API that requires security (such as Twitter), you've probably consumed an OAuth service. In this article, I'll explore what it takes to create your own three-legged OAuth server allowing you, for example, to create your own secure API which you can release publicly.
</blockquote>
<p>
They include a <a href="http://cdn.phpmaster.com/files/2012/12/diagram.png">visual representation</a> of the OAuth authentication flow (it's not the simplest thing) and the database structure/sample code you'll need to get the server up and listening. Also included is a registration form and how to generate a request token and give back an access token. There's also some sample code showing how to validate the request and its access token to check for a correct (and allowed) request.
</p>]]></description>
      <pubDate>Tue, 01 Jan 2013 11:56:46 -0600</pubDate>
    </item>
    <item>
      <title><![CDATA[Sebastian Göttschkes: symfony2: Testing secure pages]]></title>
      <guid>http://www.phpdeveloper.org/news/18571</guid>
      <link>http://www.phpdeveloper.org/news/18571</link>
      <description><![CDATA[<p>
<i>Sebastian G&ouml;ttschkes</i> has a new post to his site showing you how to <a href="http://sgoettschkes.blogspot.com/2012/10/symfony2-testing-secure-pages.html">test secure pages</a> within your Symfony2 applications using a simple "requestWithAuth" method.
</p>
<blockquote>
If you develop a web application, more often than not you have some kind of user section or admin panel where some kind of login identifies the user and protects your actions against usage from unauthorized people. It can be difficult to do functional tests with this kind of pages as you need to simulate some session or cookie context. In this tutorial, I want to show you how to test your functional pages with symfony2 and phpunit.
</blockquote>
<p>
He includes a "bad way" to do it, cheating by making a client and feeding it the HTTP auth credentials, and a more correct way involving the "requestWithAuth" method that's called whenever the "request" is called to push those credentials along with every request. Code for this basic function is included.
</p>]]></description>
      <pubDate>Mon, 08 Oct 2012 13:13:19 -0500</pubDate>
    </item>
    <item>
      <title><![CDATA[Patrick van Kouteren: CloudVPS object store beta introduction]]></title>
      <guid>http://www.phpdeveloper.org/news/18414</guid>
      <link>http://www.phpdeveloper.org/news/18414</link>
      <description><![CDATA[<p>
<i>Patrick van Kouteren</i> has <a href="http://www.vankouteren.eu/blog/2012/08/cloudvps-object-store-beta-introduction/">a new tutorial posted</a> to his site showing you how to connect your application with an OpenStack instance (specifically the <a href="https://www.cloudvps.com/community/knowledge-base/cloudvps-object-store/">CloudVPS</a> option) via some simple CURL commands (easily translatable <a href="http://php.net/curl">into PHP</a>).
</p> 
<blockquote>
Lately I've been playing around with the <a href="https://www.cloudvps.com/community/knowledge-base/cloudvps-object-store/">CloudVPS ObjectStore</a>, which is currently in beta phase. This blogpost shows the options of this ObjectStore in a practical way and concludes with a summary of commands you can use yourself to interact with it and some ideas. For this post, I assume you are familiar with cURL, REST and HTTP headers.
</blockquote>
<p>He shows how to make the requests for:</p>
<ul>
<li>Authentication
<li>Working with containers
<li>Adding files to a container
<li>Setting access permissions
</ul>]]></description>
      <pubDate>Tue, 28 Aug 2012 12:52:35 -0500</pubDate>
    </item>
    <item>
      <title><![CDATA[Evan Coury: Getting started with the ZF2 skeleton and ZfcUser]]></title>
      <guid>http://www.phpdeveloper.org/news/18244</guid>
      <link>http://www.phpdeveloper.org/news/18244</link>
      <description><![CDATA[<p>
<i>Evan Coury</i> has a recent post to his site showing you how to set up and use the <a href="http://blog.evan.pro/getting-started-with-the-zf2-skeleton-and-zfcuser">ZF2 skeleton and ZfcUser</a> components of the Zend Framework 2.
</p>
<blockquote>
This is meant to be a short, easy-to-follow tutorial to help you get started with Zend Framework 2.0 and add perhaps one of the most common modules, <a href="https://github.com/ZF-Commons/ZfcUser">ZfcUser</a>. By the end of this tutorial, you'll have a simple ZF2 application with user registration and authentication capabilities.
</blockquote>
<p>He breaks it up into three different steps:</p>
<ul>
<li>Getting the skeleton
<li>Setting up a database connection
<li>Installing ZfcUser
</ul>
<p>
He also provides some links to other handy resources and libraries you can use to extend the ZfcUser functionality with things like <a href="https://github.com/bjyoungblood/BjyAuthorize">ACL support</a>, <a href="https://github.com/cdli/CdliTwoStageSignup">two-stage signup</a> and <a href="https://github.com/EvanDotPro/EdpGithub">Github authentication integration</a>.
</p>]]></description>
      <pubDate>Wed, 18 Jul 2012 13:56:14 -0500</pubDate>
    </item>
    <item>
      <title><![CDATA[PHPMaster.com: Multi-Factor Authentication with PHP and Twilio]]></title>
      <guid>http://www.phpdeveloper.org/news/18129</guid>
      <link>http://www.phpdeveloper.org/news/18129</link>
      <description><![CDATA[<p>
In <a href="http://phpmaster.com/multi-factor-authentication-with-php-and-twilio/">this new tutorial</a> on PHPMaster.com, <i>Timothy Boronczyk</i> looks at using the Twilio API and multi-factor authentication.
</p>
<blockquote>
You can make and receive phone calls and send and receive text messages using TwiML (Twilio Markup Language) and their REST API. You can work directly with the API, or use one of the <a href="http://www.twilio.com/docs/libraries">available helper libraries</a>. The library I'm using is <a href="https://github.com/twilio/twilio-php">twilio-php</a>, which is the library released and officially supported by Twilio.
</blockquote>
<p>
He shows you how to use the Twilio API library to create a connection object to their REST API and perform various actions like sending an SMS and placing a phone call. The code to build the multi-factor authentication is also included - a user login/password is checked against a database and a form is displayed (depending on whether they want a voice call or an SMS).
</p>]]></description>
      <pubDate>Fri, 22 Jun 2012 14:55:48 -0500</pubDate>
    </item>
    <item>
      <title><![CDATA[Dave Marshall's Blog: How I'm designing a RESTful(ish) web service]]></title>
      <guid>http://www.phpdeveloper.org/news/17570</guid>
      <link>http://www.phpdeveloper.org/news/17570</link>
      <description><![CDATA[<p>
<i>Dave Marshall</i> is in the process of building a "RESTish" web service and has <a href="http://davedevelopment.co.uk/2012/02/16/how-im-doing-rest.html">shared some of his planning steps</a> in a new post to his blog.
</p>
<blockquote>
This post is going to describe how I've ended up designing, what I consider to be a fairly RESTful web API. I'm far from being an expert, and this is definitely the closest thing to a RESTful API that I've ever created, so I'm not even experienced with REST APIs. [...] Until about 6 months ago, I'd always been sceptical of creating RESTful APIs, but I think I've had a few pennies drop since then that have made me fairly confident that I grasp the basics pretty well.
</blockquote>
<p>
He touches on topics like: authentication, the <a href="http://martinfowler.com/articles/richardsonMaturityModel.html">Richardson Maturity model</a>, HTTP verbs, sample request and response messages and some BDD-style tests to predict the output of a basic request.
</p>]]></description>
      <pubDate>Wed, 22 Feb 2012 09:13:31 -0600</pubDate>
    </item>
    <item>
      <title><![CDATA[Leaseweb Labs Blog: Migration to Symfony2 continued]]></title>
      <guid>http://www.phpdeveloper.org/news/17525</guid>
      <link>http://www.phpdeveloper.org/news/17525</link>
      <description><![CDATA[<p>
On the LeaseWeb Labs blog there's a continuation from a previous post about migrating your Symfony1 application over to Symfony2. In the <a href="http://phpdeveloper.org/news/17299">first part</a> of this series of posts, <i>Stefan Koopmanschap</i> talked about wrapping your code to make it work. In <a href="http://www.leaseweblabs.com/2012/02/migration-to-symfony2-continued/">this second post</a>, <i>Maurits van der Schee</i> tackles two issues <i>Stefan</i> mentioned - performance problems and handling authorization/authentication.
</p>
<blockquote>
On December 21, 2011 Stefan Koopmanschap wrote an excellent article on this blog titled "Painless (well, less painful) migration to Symfony2." [...] We were very much inspired by his passionate elucidation and we were fully convinced of the urge to start migrating to Symfony2 as soon as possible. However, he also provided us with a "A word of caution" about 2 things: performance and authentication/authorization. This might get some people worried, but not us: it challenged us to find a solution for those two open issues.
</blockquote>
<p>
They explain why these two things are a problem and some of the solutions they've created - a .htaccess for routing and manually replicating the Symfony2 session in the Symfony1 code. Included in the post are the rewrite rules and code to make these two things happen (and a small configuration change to make them work).
</p>]]></description>
      <pubDate>Thu, 09 Feb 2012 11:51:59 -0600</pubDate>
    </item>
  </channel>
</rss>
