PHP authentication OAuth2

2

I'm doing a Restful web service, is OAuth the best way to authenticate and work with token?

Is it possible to use OAuth2 to authenticate via username and password?

    
asked by anonymous 06.04.2015 / 03:03

1 answer

2

Authorization through the OAuth protocol is the primary form of authorization I use in my applications. It is possible for clients to gain access to the application's resources using access tokens, which can be obtained by providing a user name and password, or a token update.

It is therefore possible to obtain an access token using a username and password - see section 1.3.3 of RFC 6749, which specifically addresses this type of access:

link

What I do is the following:

  • If the user does not have an access token, it provides the user names and password for the application, which through an authorization server , obtains a pair of credentials that are a token ( access token ) and an update token (refresh token);
  • Next obtains a new access token pair + update token can be obtained by supplying the previous update token, and so on;
  • This way the user does not have to provide his user name and password every time his access token expires: simply change the update token to a new access token.
06.04.2015 / 14:09