PHP authentication Oauth2

Viewed 871 times

2

I’m building a RESTful web service. Is OAuth the best way to authenticate and work with tokens?

Can you use OAuth2 to authenticate via user and password?

1 answer

2

OAuth protocol authorization is the main form of authorization I use in my applications. Through it, clients can gain access to the application's resources using access tokens, which can be obtained by providing a username and password, or a refresh token.

You can then get an access token using a username and password - check section 1.3.3 of RFC 6749, which specifically deals with this type of access:

http://tools.ietf.org/html/rfc6749#Section-1.3.3

What I do is this:

  • If the user does not have an access token, he provides the username and password to the application, which, through an authorization server, gets a pair of credentials: an access token and a refresh token;
  • Subsequent pairs of access token + refresh token can be obtained by providing the previous refresh token, and so on;
  • This way the user does not need to provide his username and password whenever his access token expires: the refresh token is simply exchanged, invisibly to him, for a new access token.

  • Right, I could not understand the clients table. So, as I understand it, I register a client there, of a type such as web client, mobile?

  • 1

    That’s what I’m talking about. The advantage of using clients to broker getting access tokens is that you can create several, one for each need, or revoke one (or more) of them. See this section of the RFC, which deals specifically with the registration of clients: http://tools.ietf.org/html/rfc6749#Section-2
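
The flow described in the answer and comments above, as an added example that is not part of the original posts: a token endpoint that accepts the password grant, rotates the refresh token on every exchange, and rejects revoked clients and replayed refresh tokens. It assumes PHP 8.0 or later; the class name, in-memory arrays, user, client id and lifetimes are constructed for illustration, and access-token validation by the resource server is left out.

```php
<?php
// Added example, not the answer's code. Users, clients and lifetimes are constructed.
declare(strict_types=1);
final class TokenEndpoint
{
    private array $refresh = []; // sha256(refresh token) => [user, client, expires]
    // $users: username => password_hash(); $clients: client_id => true, false once revoked
    public function __construct(private array $users, private array $clients) {}

    public function handle(array $p): array // $p: POST body of the token request
    {
        $client = $p['client_id'] ?? '';
        if (!($this->clients[$client] ?? false)) {
            return ['error' => 'invalid_client']; // unknown or revoked client
        }
        switch ($p['grant_type'] ?? '') {
            case 'password': // RFC 6749 section 4.3
                $hash = $this->users[$p['username'] ?? ''] ?? null;
                if ($hash === null || !password_verify($p['password'] ?? '', $hash)) {
                    return ['error' => 'invalid_grant'];
                }
                return $this->issue($p['username'], $client);
            case 'refresh_token': // RFC 6749 section 6
                $key = hash('sha256', $p['refresh_token'] ?? '');
                $row = $this->refresh[$key] ?? null;
                unset($this->refresh[$key]); // single use: every exchange rotates the token
                if ($row === null || $row['client'] !== $client || $row['expires'] < time()) {
                    return ['error' => 'invalid_grant'];
                }
                return $this->issue($row['user'], $client);
        }
        return ['error' => 'unsupported_grant_type'];
    }

    private function issue(string $user, string $client): array
    {
        $rt = bin2hex(random_bytes(32)); // only its hash is stored server-side
        $this->refresh[hash('sha256', $rt)] = ['user' => $user, 'client' => $client, 'expires' => time() + 1209600];
        return ['access_token' => bin2hex(random_bytes(32)), 'token_type' => 'Bearer',
                'expires_in' => 3600, 'refresh_token' => $rt];
    }
}

$ep = new TokenEndpoint(['alice' => password_hash('constructed-pw', PASSWORD_DEFAULT)], ['mobile' => true]);
$c = ['client_id' => 'mobile'];
$t1 = $ep->handle($c + ['grant_type' => 'password', 'username' => 'alice', 'password' => 'constructed-pw']);
$t2 = $ep->handle($c + ['grant_type' => 'refresh_token', 'refresh_token' => $t1['refresh_token']]);
$replay = $ep->handle($c + ['grant_type' => 'refresh_token', 'refresh_token' => $t1['refresh_token']]);
var_dump(isset($t2['access_token']), $replay['error'] ?? null);
```

The last call presents the first refresh token a second time, after it has already been exchanged, so it exercises the single-use check rather than the expiry check.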
