Padraic Brady has posted about a new inclusion that Google has announced will be included in the authentication methods for their APIs - OAuth.

The Google Data API support comes with a few gotchas. Its documentation show a clear preference for using GET instead of POST, though the Google OAuth server does appear to natively support POST requests for everything with the exception that it has a small bug which interprets an empty POST request body as a sort of phantom empty parameter.

He notes that the library he's been working on (and submitted to both the Zend Framework and PEAR) it up to the 0.0.3 release including functionality marked as beta for the Consumer portion.

Padraic Brady has posted about another OAuth library that he's started up, one that's ready to be integrated with the Zend Framework reborn as a Zend_OAuth component (see his proposal code).

I've spent some time over the last week, and I have completed an initial pass at writing an OAuth Consumer in PHP5. I'm biased, but it's a nice chunk of code capable of fairly routine POST based OAuth requests using either an Authorized header, or a raw url encoded POST request body. My main remaining task is final cleanup, included refactoring, rolling my final set of acceptance tests into PHPUnit from SimpleTest, and adding support for HTTP GET, RSA, and a storage API so tokens can be saved in the background rather than outside the API.

Example code is included showing how to connect to the ma.gnolia bookmarking service and grabbing the response body from the request. He has a few more things to finish up before it's ready to go (backend storage, reworking the handling of web service API interaction, etc).

Padraic Brady has gone back to a previous project, working with OAuth, and some thoughts on it and its possible implementation in both the Zend Framework and PEAR.

Starting yesterday, I opened up my IDE, updated PHPUnit, and got cracking. At the current rate of development a Consumer is likely at the weekend. I've already started writing up a formal proposal for PEAR and, of course, the Zend Framework also. I'm thankful the OAuth specification is this simple - it's one of the easiest to read specifications I've had to pleasure to work with.

He notes that an update to the API's Core (from 1.0 to 1.1) might be on the horizon, but can't see it affecting extensions/packages that much. He also mentions Extensions - not PHP extensions, these are augmentations to the OAuth core that allow for other different functionality to be included (like Discovery).

Since it's been moved up into the "Final Draft" stage in its proposal process, Padraic Brady wanted to blog about this latest update for the OAuth Specification, a standardized protocol that allows secure API authentication from both desktop and web applications.

Because I love all things OpenID related and am an OpenID "pusher" in Europe (blame the OpenID Europe Foundation membership on Snorri Giorgetti), I'll be proposing a PHP5 implementation of OAuth to the Zend Framework (assuming no other OAuth proposal) and PEAR (PEAR because that's now the home of my OpenID For PHP library under proposal).

You can get more information about OAuth from the project's website.