1
When the user opens the site, it is redirected to the login form where the authentication takes place.
On the server side the credentials are checked and a session is created, so that the application can access the messages, posts, personal data, etc... of the user in question by calling the restfull API.
The need to give permission to third parties to access the user’s data has arisen. I want to change the API to accept authentication via oauth.
When a request is made the API, it is checked if the session exists to allow access but in the case of oauth would have to skip the session and check if the token is valid.
A solution would be to use oauth on the site itself, i.e., the site would be API client with oauth authentication, eliminating the need for a session.
The point is, when a third party application tries to access the API, the user will have to allow access through a login on the site. With that in mind, if the site is also an API client, it wouldn’t be a looping?
Have you performed any test using Oauth 2.0?
– Anderson B. Magalhães