Lorna Mitchell has posted the next part in her series looking at working with OAuth in PHP, showing how to authenticate the user making the connection to your OAuth-enabled web service.
This phase is probably the most familiar to us as developers, as it's simply a login form. The consumer will send the user to us at the URL we provided in the request token, and the user will have the request token key as a parameter. The access control on this page will look the same as on the rest of the website; if the user has a session already then the page is displayed, otherwise they must be logged in to see it.
She talks about verifying the authentication token passed in (from the value already generated and put into a database table), the grant/deny process and the information to update in her sample table when the user falls into the "granted" side of things. She also briefly mentions the optional callback that can be passed to a service like this and how to handle its value.