OAuth is an open standard for cross-site authorization and authentication. It means you can authorize a site (the consumer of a service) to access your profile data on another site (an OAuth service provider) without giving away your login name/email and password.
There is a comprehensive tutorial at hueniverse.
Here is how it works; the diagram below illustrates the flow between the consumer site and the service provider.
A service provider is the site with which you are registered. Yahoo, Twitter and Google are great examples.
The consumer sites use these services to integrate with or fetch your profile from these sites.
The oauth_consumer CakePHP component provides you with the essential classes required.
Thanks to Daniel Hofstetter for coming up with this helpful component.
You can download it from here.
oauth_consumer
This class acts as a facade for all the communication between you and the OAuth service provider.
For this exercise, let us build an application for Twitter which tweets on behalf of the user.
You first have to log in to Twitter and create a new application.
At the end of creating a new application with Twitter, you get a key and secret for your application.
To initiate the OAuth authorization process, create the consumer with that key and secret:
$consumer = new oauth_consumer($key, $secret);
The second step is to retrieve a request token from the service (step A in the diagram).
You do this by invoking
$request_token = $consumer->getRequestToken($request_token_url);
You need this request token to request the authentication.
The third step is to request the authorization: redirect the user to Twitter with the request token you just acquired.
$this->redirect($twitter_oauth);
After this step, the user sees the Twitter login page if he has not already logged in, or is asked whether Twitter should allow this application to access his personal data.
Once the user authorizes on Twitter, Twitter redirects the user to the consumer callback URL, with the same request token and request_verified id.
At this point, the application has the authorization to access the user's data; this data is specific to each service provider.
The fourth step is to obtain an access token, composed of a key and a secret.
You need the access token for all your requests to access the user data.
$access_token = $consumer->requestAccessToken($access_url, $request_token);
The fifth step is to actually access the Twitter data or modify it, depending on the kind of application you have.
In this exercise, let us tweet on behalf of the user:
$consumer->update($access_token, "hey, just registered with #XYZ application, this is koool");
The above message will soon appear in your timeline and your followers' timelines, with the tweet source as XYZ.
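Each call above (request token, access token, update) goes out as a signed HTTP request. The following is an added example, not code from the oauth_consumer component or the original post, showing OAuth 1.0a HMAC-SHA1 signing as defined in RFC 5849 together with the provider-side check. The key, secrets, token and the provider.example URL are constructed placeholders, and it assumes PHP 7 or later and no repeated parameter names.

```php
<?php
// Added example. Every key, secret, token and URL here is a constructed placeholder.

// Signature base string (RFC 5849, 3.4.1): METHOD & encoded URL & encoded sorted params.
// Assumes $url carries no query string and no parameter name repeats.
function oauth_base_string($method, $url, array $params) {
    $encoded = array();
    foreach ($params as $name => $value) {
        $encoded[rawurlencode($name)] = rawurlencode($value); // RFC 3986 encoding
    }
    ksort($encoded, SORT_STRING); // byte-order sort by encoded parameter name
    $pairs = array();
    foreach ($encoded as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

// HMAC key = consumer secret & token secret (token secret is '' before any token exists).
function oauth_sign($base, $consumer_secret, $token_secret = '') {
    $key = rawurlencode($consumer_secret) . '&' . rawurlencode($token_secret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Provider-side check: recompute the signature and compare in constant time.
function oauth_verify($base, $signature, $consumer_secret, $token_secret = '') {
    return hash_equals(oauth_sign($base, $consumer_secret, $token_secret), $signature);
}

$url = 'https://provider.example/statuses/update';
$params = array(
    'oauth_consumer_key'     => 'sample-consumer-key',
    'oauth_token'            => 'sample-access-token',
    'oauth_nonce'            => bin2hex(random_bytes(16)), // unique per request
    'oauth_timestamp'        => (string) time(),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_version'          => '1.0',
    'status'                 => 'hey, just registered with #XYZ',
);
$base = oauth_base_string('POST', $url, $params);
$signature = oauth_sign($base, 'sample-consumer-secret', 'sample-token-secret');

// Only the consumer key, the token and the signature travel; both secrets stay local.
var_dump(oauth_verify($base, $signature, 'sample-consumer-secret', 'sample-token-secret')); // signed request
$params['status'] = 'tampered text';
$tampered = oauth_base_string('POST', $url, $params);
var_dump(oauth_verify($tampered, $signature, 'sample-consumer-secret', 'sample-token-secret')); // altered body
```

The first check passes and the second fails, because the status text is part of the signed base string.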

