REST - OAuth access token for internal calls
I'm trying to build an API-driven Symfony2 web application. It's just a basic application to learn Symfony2 and REST.
It is based on a RESTful API. Calls to the API are authenticated using OAuth.
For example, if a client application wants data (information on fruits) through the API, it needs to make a request to the URL and pass the access token as a parameter. So the URL looks like this.
http://www.mysite.com/api/fruits.json?=<access token>
Now the problem is that I need the same data in one of my actions as well.
I need help here. In order to get the data from the above URL in one of my actions, I need to send an access token in the URL.
How do I get this access token?
Should there be a fixed token used for such calls within the application?
Your basic application project will grow manifold if you try to do what you want here.
Basically, you need to implement an authentication server for this.
i) First, the app should be registered for a scope;
ii) Using the app, the user logs in to the authentication/authorization server.
iii) The server verifies if the app has access to the scope, and if the user is registered in the system.
iv) The server creates an access token (which is an HMAC signed string) and returns it to the app.
v) The app hits the endpoint (RESTful API) with the token.
vi) The RESTful service internally sends the token to the server, fetches the customer ID for which the call is made, and performs the actions it's supposed to.
I wrote an answer once on how to create an OAuth service/provider - How would an efficient OAuth2.0 server / provider work?
Also, OAuth is designed such that client apps/3rd party software can access a user's resources on his behalf. A simple example = an app posting on your Facebook wall on your behalf. It is accessing a resource you own (the wall) and posting to it. You do not need OAuth just to get data - there are other ways to secure the API.
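The token handling in steps iii, iv and vi above, sketched as an added example that is not part of the original answer or of any Symfony2 bundle. The token layout (base64url JSON claims plus an HMAC-SHA256 tag), the key, the app registry and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: the key lives only on the auth server (assumption).
SERVER_KEY = b"constructed-demo-key-not-for-production"
REGISTERED_APPS = {"web-frontend": {"fruits:read"}}  # step i: app -> scopes

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64e(hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(app_id, customer_id, scope, ttl=300, now=None):
    """Steps iii-iv: check the app's scope, then return an HMAC-signed token."""
    if scope not in REGISTERED_APPS.get(app_id, set()):
        raise PermissionError("app is not registered for this scope")
    now = int(time.time()) if now is None else now
    claims = {"app": app_id, "cid": customer_id, "scope": scope, "exp": now + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    return body + "." + sign(body)

def introspect(token, required_scope, now=None):
    """Step vi: the API hands the token back; return the customer id or None."""
    body, sep, tag = token.partition(".")
    # Compare as bytes in constant time; reject before parsing any claims.
    if not sep or not hmac.compare_digest(sign(body).encode(), tag.encode()):
        return None
    claims = json.loads(b64d(body))  # safe: the body was signed by this server
    now = int(time.time()) if now is None else now
    if claims["exp"] <= now:                # expired tokens are refused
        return None
    if claims["scope"] != required_scope:   # token not issued for this resource
        return None
    return claims["cid"]

if __name__ == "__main__":
    demo = issue_token("web-frontend", 42, "fruits:read")
    print("customer id for valid token:", introspect(demo, "fruits:read"))
    print("same token, other scope:", introspect(demo, "fruits:write"))
```
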