Authenticate with OAuth7:26 with Alena Holligan
We're going to set up token based authentication for our application. The application asks to share specific information between the sites. When the user chooses to grant permission, a token is stored on their machine. This will allow users to connect their GitHub account to our application.
MAKE SURE that the $appUrl does NOT end with a slash
More About Sessions
Sessions are a way to make data accessible across your entire website. A session creates a file in a temporary directory on your websites web server. This data will be available to all pages on the site during that visit.
When a session is started following things happen:
PHP first creates a unique identifier for that particular session which is a random string of 32 hexadecimal numbers such as 4j7foj34c3jc373hjkop2fc937e3253.
A cookie called PHPSESSID is automatically sent to the user's computer to store unique session identification string.
A file is automatically created on the server in the designated temporary directory and bears the name of the unique identifier prefixed by sess_ ie sess_34j7foj34c3jc373hjkop2fc937e3253.
When a PHP script wants to retrieve the value from a session variable, PHP automatically gets the unique session identifier string from the PHPSESSID cookie and then looks in its temporary directory for the file bearing that name and a validation can be done by comparing both values.
A session ends when the user closes the browser. The server will also terminate the session after a predetermined period of time, commonly 30 minutes.
Why would I want a GitHub account?
Because GitHub is the social network of developers. Having started as a developer’s collaborative platform, GitHub is now the largest online storage space of collaborative works that exists in the world. It's the place where you will start contributing to open source, sharing projects and allowing others to see your work. If you are looking to build a career as a developer, GitHub can be an extremely important resource.
What happens if a user does NOT grant permission to share data?
They can either choose the back button or "Visit application’s website" which takes them to the $appUrl you entered. If a user does not grant permission, they only have access to the home page. We could allow users, who are not authenticated, to search and view repositories without the ability to watch/un-watch.
Removing the Token
The token is stored in session storage. If you need to remove the token for any reason, you can drop it by Login::dropToken() or $login->dropToken()
You need to sign up for Treehouse in order to download course files.Sign up