OAuth can be anything you want it to be; the standards are lax and give you plenty of room for getting the right implementation for your system. However you proceed, though, you'll need to check an access token on every request - and in a Slim application, a middleware can help enormously since it hooks into every request by design. I've recently implemented this and thought I would share.
Slim framework has recently invaded my life: I picked it up for a hobby project, recommended it to a client who then contracted me to do quite a lot more development, and it's also used for m.joind.in. One thing that has tripped me up a couple of times is how to return not-HTML from Slim, as it just bins any headers you try to send yourself. I think also that the "right" way to do this may have changed between versions, as I also found some examples that didn't work! What did work for me was this:
The $app variable is the Slim\Slim instance for your application. Once you have that, you can just add on any headers you need to with this call to header(). It wasn't obvious to me and there weren't a lot of resources for this, so I thought I'd share!