Making web services with OAuth: Just what we need

Reading PHP Architect's November 2008 issue (and in particular the Google Gadgets article by Timothy Boronczyk), I remembered reading a name yesterday (on the Elgg.org features list) that I have seen very often and which I never  got to the bottom of: OAuth. Well, today I decided that this ignorance was enough and that it was time to get there and see what it is... and it just happens to be exactly what we need in Dokeos to secure our web services! Isn't that great? OAuth, to quote the website, is:

[...] the standardization and combined wisdom of many well established industry protocols. It is similar to other protocols currently in use (Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API, etc). Each protocol provides a proprietary method for exchanging user credentials for an access token or ticker. OAuth was created by carefully studying each of these protocols and extracting the best practices and commonality that will allow new implementations as well as a smooth transition for existing services to support OAuth.

To complete this definition (for those who don't know any of the aforementioned protocols), OAuth allows a web service client to get access to a web service (server) through a secure authentication method. And guess what? They also have a set of libraries, which include a PHP library under the MIT License (thus compatible with GPLv2, the Dokeos' license) which is in fact just a small PHP script that acts as a server (and another that acts as a client). Using OAuth, Dokeos will be able to provide web services to a selected public through a secure authentication process, or consume other webservices from external sources. 2009 is starting really well! Love it.