In a new post to his site Alex Bilbie looks at a good approach to simplifying the OAuth 2 authorization flow for a device and some of the simple PHP that can power it.

When signing into apps and services on devices such as a Playstation or an Apple TV it can be immensely frustrating experience. Generally you will ordeal something similar to one of the following scenarios: The utterly terrible experience whereby you don’t have anything other than an onscreen keyboard [or] A slightly less terrible experience whereby you can pair a bluetooth keyboard to enter your username and that crazy long password.

[...] There are some apps however - such as Youtube for Apple TV - that have a much better end user experience.

He talks more about this better experience involving a simple code presented to the user, a special URL to link the device and the typical OAuth-ish authorization page to link the request to your account. He then explains how it would work with a PHP backend: making the request to the auth server, returning a message with the codes and URL to pass along and the "device code" it responds with. He also includes a few examples of error responses for polling too quickly, pending authorization and a denied request. This is all based on the (currently in draft) OAuth 2.0 Device Flow Grant currently in the works.

As is mentioned in this Reddit post, the PHP-FIG group has moved a new autoloader structure proposal into "Draft" status, making it past the initial proposal (Entrance Vote) level as PSR-4.

This new autoloader has been in the works for a while, and is meant to be a modern autoloader that reflects the changes in the PHP landscape since PSR-0 was originally put together. Yesterday it passed the Entrance Vote, which means its now a formally worked and supported by the FIG.

While PSR-0 is new to many, its been around for years - since before Composer was really a thing - and PEAR/SF1/ZF1 were the prominent sources of distributed code. Now that so many are building components with Composer and using PSR-0 (yay) it's about time a new standard took care of a few hangovers from the PEAR/Zend style.

The newly proposed autoloader gets rid of some of the allowances that PSR-0 included like proper namespace support (no more underscores) and a reduction in the required folder structure to make it work. The Composer project is also a part of these discussions and are on board with making these proposed changes in the project's autoload handling.

We'd love to get constructive feedback on PSR-4. Post stuff up here, on the mailing list, get in #phpfig on freenode, whatever, just get involved. That doesn't mean everything will be implemented, but there is more chance of the standard containing your feedback if you make it - so post something.

Padraic Brady has posted the third chapter of his "Zend Framework: Surviving The Deep End" book. It focuses on the Models in the Model-View-Controller (MVC) applications.

Today Chapter 3, The Model, has entered the online book. Apart from some early jitters when PHPIDS (an intrusion detection system I use) lost the plot and commenced a vendetta against Opera, the new chapter is fully operational.

If you get these first chapters, you'll notice that there's some color coding going on with status labels. Padraic is using this to give you some feedback as to the level of completion a certain chapter is in. He notes:

I've decided to start noting in these announcements that these early Chapters are akin to drafts. While they are written as complete units, it's intended to revisit them every few weeks for improvement until a final version emerges to be forever immortalised as a first edition of the book.

Pádraic Brady has a quick update today pertaining to the PHPSecInfo project - a new manual (currently in development).

I'll keep adding to it over the days, weeks and months ahead. The current form is going to be mainly a draft. When it's done, I'll go through it and do some serious editing. Next priority is getting in the material on actually using and implementing PHPSpec...

You can find the manual at http://dev.phpspec.org/manual/ with quite a bit of content already filled out. Topics currently covered include installation guides, your "first steps", testing the code and some examples of it in use.

Pádraic Brady has a quick update today pertaining to the PHPSecInfo project - a new manual (currently in development).

I'll keep adding to it over the days, weeks and months ahead. The current form is going to be mainly a draft. When it's done, I'll go through it and do some serious editing. Next priority is getting in the material on actually using and implementing PHPSpec...

You can find the manual at http://dev.phpspec.org/manual/ with quite a bit of content already filled out. Topics currently covered include installation guides, your "first steps", testing the code and some examples of it in use.

Since it's been moved up into the "Final Draft" stage in its proposal process, Padraic Brady wanted to blog about this latest update for the OAuth Specification, a standardized protocol that allows secure API authentication from both desktop and web applications.

Because I love all things OpenID related and am an OpenID "pusher" in Europe (blame the OpenID Europe Foundation membership on Snorri Giorgetti), I'll be proposing a PHP5 implementation of OAuth to the Zend Framework (assuming no other OAuth proposal) and PEAR (PEAR because that's now the home of my OpenID For PHP library under proposal).

You can get more information about OAuth from the project's website.

Since it's been moved up into the "Final Draft" stage in its proposal process, Padraic Brady wanted to blog about this latest update for the OAuth Specification, a standardized protocol that allows secure API authentication from both desktop and web applications.

Because I love all things OpenID related and am an OpenID "pusher" in Europe (blame the OpenID Europe Foundation membership on Snorri Giorgetti), I'll be proposing a PHP5 implementation of OAuth to the Zend Framework (assuming no other OAuth proposal) and PEAR (PEAR because that's now the home of my OpenID For PHP library under proposal).

You can get more information about OAuth from the project's website.

Soenke Ruempler has posted today about something they found a need for in their group and wanted to create something they could share back with the community when it was done - a Message Queue System developed in PHP.

You'll find a Draft for a php-based messaging system below. We'd be glad if we get some comments from the readers. Because we're heavily using open source we want to give something back to the community and make the message queue system open source. And, yes, if someone is planning something like this or already knows a solution, please let us know, too. We don't wanna reinvent the wheel!

He fleshes out the proposal by describing it in three sections - the problem the need came from, some of the existing solutions the web has to offer (including the Java Message Service and IBM's XMS messaging) and the actual draft of the implementation including the architecture, scalability, a name (none yet) and where they're going from here.

Soenke Ruempler has posted today about something they found a need for in their group and wanted to create something they could share back with the community when it was done - a Message Queue System developed in PHP.

You'll find a Draft for a php-based messaging system below. We'd be glad if we get some comments from the readers. Because we're heavily using open source we want to give something back to the community and make the message queue system open source. And, yes, if someone is planning something like this or already knows a solution, please let us know, too. We don't wanna reinvent the wheel!

He fleshes out the proposal by describing it in three sections - the problem the need came from, some of the existing solutions the web has to offer (including the Java Message Service and IBM's XMS messaging) and the actual draft of the implementation including the architecture, scalability, a name (none yet) and where they're going from here.

To get himself more familiar with the whole MVC scene, Jacob Santos has decided to jump in feet first and work up his own controller class to see how things work.

I've decided it would have been a mockery to PHP developers, if I had taken up writing about MVC, which I still barely know anything about. However, I have been working a little bit with Page Controller Pattern of MVC. I decided I could write what little I do know and let someone with more knowledge fill in the blanks. Helping myself and others in the community.

He looks at the types of page controllers (if blocks, directory, and object methods) and, for each, provides a simple code example (with the exception of the object method) to give a clearer picture of what a controller does.

He also includes an update to the post that points to Cgiapp2 as exactly what he was looking for in his MVC mission.