
OAuth2 for PHP REST web service security

We are working on a PHP REST web service in our web app. The web service returns output in JSON format. Currently, anybody can view the web service's output from a URL. For example:

https://www.example.com/services/contacts/1000

Using the above URL, anybody can view contact details for contact id 1000.

We have an authentication system in the web app which uses a simple email/password combination.

How can we use OAuth2 for authentication for a PHP REST web service? If I am correct, this has nothing to do with Google.

Usually OAuth2 providers offer 4 authentication flows to use:

  • Authorization Code,
  • Implicit,
  • Resource Owner Password Credentials and
  • Client Credentials

If you want more details, you can read this nice post with explanation.

The first flow - Authorization Code - is the perfect one to use with web server applications (like yours, using server-side code with PHP).

You'll exchange data with the OAuth2 provider inside your PHP script using the cURL functions to send and read sensitive data.
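The server-side exchange described in the answer above, as an added example that is not part of the original post: a callback script that checks the `state` value and then trades the authorization code for an access token over cURL. The token endpoint, redirect URI, session key `oauth_state`, environment variable names and the use of HTTP Basic client authentication are all assumptions; substitute your provider's documented values.

```php
<?php
// Added example: OAuth2 Authorization Code callback handler.
// Placeholders (assumptions, not from the original post):
const TOKEN_ENDPOINT = 'https://auth.example.com/oauth/token';
const REDIRECT_URI   = 'https://www.example.com/oauth/callback.php';

function exchangeCodeForToken(string $code): array
{
    $ch = curl_init(TOKEN_ENDPOINT);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_SSL_VERIFYPEER => true, // keep certificate validation on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_HTTPHEADER     => ['Accept: application/json'],
        // The client secret is read from the environment and never reaches the browser.
        CURLOPT_USERPWD        => getenv('OAUTH_CLIENT_ID') . ':' . getenv('OAUTH_CLIENT_SECRET'),
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'   => 'authorization_code',
            'code'         => $code,
            'redirect_uri' => REDIRECT_URI, // must match the authorization request
        ]),
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $json   = is_string($body) ? json_decode($body, true) : null;
    if ($status !== 200 || !is_array($json) || empty($json['access_token'])) {
        throw new RuntimeException('Token exchange failed');
    }
    return $json;
}

session_start();
// 'oauth_state' was stored in the session before redirecting to the provider.
$expected = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']); // single use
$state = $_GET['state'] ?? '';
$code  = $_GET['code'] ?? '';
if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)
    || !is_string($code) || $code === '') {
    http_response_code(400);
    exit('Invalid OAuth2 callback');
}
try {
    $token = exchangeCodeForToken($code);
} catch (RuntimeException $e) {
    http_response_code(502);
    exit('Could not obtain an access token');
}
session_regenerate_id(true); // new session id once the user is authenticated
$_SESSION['access_token'] = $token['access_token'];
```

The REST endpoints such as `/services/contacts/1000` would then refuse any request that does not carry a valid token, instead of returning JSON to every caller.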

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 