2
I’m doing a Restful web service, Oauth is the best way to authenticate and work with token?
You can use Oauth2 to authenticate via user and password?
1 answer
2
Oauth protocol authorization is the main form of authorization I use in my applications. Through it it is possible that customers gain access to resources of the application using access tokens, which can be obtained by providing a username and password, or an update token.
You can then get an access token using a username and password - check section 1.3.3 of RFC 6749, which specifically deals with this type of access:
http://tools.ietf.org/html/rfc6749#Section-1.3.3
What I do is this:
- If the user does not have any access token, he provides the usernames and password for the application, which through a authorization server, gets a pair of credentials that are an access token (access token) and an update token (refresh token);
- The following obtainments of a new pair of access token + update token can be obtained by providing the previous update token, and so on;
- This way the user does not need to provide his username and password whenever his access token expires: just, invisibly for him, exchange the update token for a new access token.
Browser other questions tagged php restful
You are not signed in. Login or sign up in order to post.
Right, the clients table I could not understand, so I understood I register a client there type web client, mobile ?
– Leandro Costa
That’s what I’m talking about. The advantage of using clients to broker getting access tokens is that you can create several - one for each need, or revoke one (or more) of them. See this section of RFC, which deals specifically with the log of access clients: http://tools.ietf.org/html/rfc6749#Section-2
– Rodrigo Rigotti