Auth systems/OAuth/Library
< Auth systems | OAuth
http://pear.php.net/package/HTTP_OAuth
- New BSD License
- last update 2011-07-16
- 2200 lines of PHP (only 1050 excluding tests and examples)
- Consumer depends on HTTP_Request2 but Provider appears to have no such dependency.
- Can be bundled in a fake PEAR tree with include_path set appropriately
- Minimal reference documentation.
- Only supports one signature method, which is just a single hash_hmac() call.
- Fairly awkward request handling, but we can just rewrite it if this is all we need. Our own equivalent library written from scratch would be ~300 lines (with only the provider part).
PECL Extension
- last updated 2012-10-01
- "This pecl package is considered the de facto standard by Rasmus Lerdorf."
- History of security-relevant bugs (dangling pointer, uninitialised stack pointer dereference, heap overflow in HTTP input handling)
- 3800 lines of C
- No package in Ubuntu
- Minimal reference documentation. Has a provider tutorial.
http://code.google.com/p/oauth-php/
- MIT License
- Last update Nov 2010
- No dependencies, easily bundled (but needs to be in include_path)
- Needs add-on PHP file inside library tree to store via MW's DB layer, no simple callback interface provided
- 6800 lines of PHP
- Brief reference documentation in doc comments only. Has a provider tutorial.
- Security of the SQL store was totally broken until March 2011
- Namespaces
- Recent development
- License?
- 568 lines of PHP.
- No need to bother integrating such a small library, just write it from scratch if this is all we need.
https://github.com/hwi/HWIOAuthBundle
- 3600 lines of PHP
- Includes UI
- Supports two signature methods: HMAC (with hash_hmac) and RSA (with openssl_sign)