New Open-Source Launch: A PHP-based Proxy to NPR’s OAuth Server
I love my job and the work that I've had the opportunity to do here at NPR; I have no desire to go anywhere else. However, if there's one thing I wish we'd improve within our development team, it's our lack of contribution to the open-source community. Nearly all of our code is proprietary; we very rarely release anything to the public. So, it's with no small amount of pride that I can finally say we launched an open-source project today!
That said, ironically, releasing this package will likely be a bigger deal to my team than it will be for potential users. I'm on the NPR One Platform team, and our goal is to expand NPR One to platforms beyond the mobile apps that we develop in-house. Our strategy is to work with third-party developers and empower them to build NPR One apps themselves, which we’ve accomplished by opening up our API and providing thorough documentation. This approach has worked well so far, allowing us to launch on Amazon FireTV and justDrive™, and leading to partnerships with many other apps currently in our development pipeline.
Despite these early successes, the #1 piece of feedback our team has received from our partner developers is that implementing our OAuth flow has a steep learning curve (we use the OAuth 2.0 protocol to secure our endpoints). Since you cannot really do anything with our API until you have an access token, this can be an early blocker to folks who want to test out our API on their platform. We’ve done our best to continue to improve our documentation, but we wanted to do more to remove any barriers that might prevent a developer from engaging with NPR One.
As a result, we are releasing working, well-tested code to act as a proxy for our OAuth platform. We even use this code in production ourselves! In short, in open-sourcing this package, our team hopes to:
- Provide a quick-start tool to help new third-party developers generate access tokens almost out-of-the-box
- Present the source code as a companion to our documentation, providing a real-world example of how to build an OAuth client
- Assist existing partners with implementing refresh tokens, which we will begin to gradually phase in for both old and new clients before the end of the year
As for why we chose PHP: the majority of our products here at NPR are written in PHP, and we believe PHP is the most accessible language for outside developers. It’s still one of the most widely-used programming languages on the web; even the simplest shared hosting server supports PHP. And even if you’re not a PHP developer, the hope is that you can still fairly easily read and understand the source code.
[sudo] composer install npr/npr-one-backend-proxy
This project assumes that you have already registered for an account at the NPR One Developer Center and have your client_id and client_secret ready. If you do not already have a Dev Center account, you can register for a personal account and get started immediately.
Check it out and let us know what you think!