Apigility and oAuth for users

I am going to get started with an application with a RESTful API and I want to use Apigility. Unfortunately, there is one problem with this idea. I cannot find a reliable source of information on how to enable oAuth authentication for regular users.

I need to provide access for an Angular application and my own mobile (possibly in the future for third-party web applications). All the resources that I have found relate to providing API access for a specific client application, and not for specific users who use these applications. I do not want to implement two different authentication methods, so if there is a way to solve this problem with Apigility, that would be great.

Do you have any suggestions on this? I know that I can generate a client identifier and a secret for all registered users, but this seems a little shitty decision, and I have a database schema already for storing user information.

+4
1 answer

What you are most likely looking for is a password type. In this case, you will have a way to register users and their passwords, and then the "login" screen. This login screen will send the following information:

  • username
  • password
  • client_id is the OAuth2 client identifier (not the user id!) for the application
  • "grant_type": "password"

, client_secret ! , , - .

, OAuth2 , TTL refresh_token (, TTL, ).

: ": ". Apigility .

. , ZF\Mvc\Identity ACL!

(http://bit.ly/apigility-users), - .

+8
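
The login request listed in the answer above, as an added example that is not part of the original post: it builds the form-encoded token request for the OAuth2 password grant (RFC 6749, section 4.3) and validates the token response before the client uses it. `TOKEN_URL` and `CLIENT_ID` are hypothetical placeholders, and the client is assumed to be a public one (browser or mobile app) that holds no `client_secret`.

```javascript
// Added example, not code from the page. TOKEN_URL and CLIENT_ID are
// hypothetical placeholders for the API's token endpoint and the app's client id.
const TOKEN_URL = 'https://api.example.test/oauth';
const CLIENT_ID = 'my-angular-app';

// Build the token request the login screen sends (password grant).
function buildPasswordGrantRequest(username, password) {
  if (!username || !password) {
    throw new Error('username and password are required');
  }
  const body = new URLSearchParams({
    grant_type: 'password',
    username,
    password,
    client_id: CLIENT_ID, // identifies the application, not the user
  });
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(), // credentials go in the body, never in the URL
  };
}

// Validate the token response and convert expires_in (seconds) to an
// absolute expiry so the client knows when to use the refresh_token.
function parseTokenResponse(json, nowMs = Date.now()) {
  if (json.error) throw new Error(`token request failed: ${json.error}`);
  if (typeof json.access_token !== 'string' || json.access_token === '') {
    throw new Error('missing access_token');
  }
  if (String(json.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  const ttl = Number(json.expires_in);
  if (!Number.isFinite(ttl) || ttl <= 0) throw new Error('invalid expires_in');
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token || null,
    expiresAt: nowMs + ttl * 1000,
  };
}

// Header to attach to API calls made on behalf of the logged-in user.
function authHeader(token) {
  return { Authorization: `Bearer ${token.accessToken}` };
}
```

Send the returned request object over HTTPS only, for example with `fetch(req.url, req)`.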

Source: https://habr.com/ru/post/1541332/

