Create own oAuth process in Codeigniter? - php

I am developing an API using Codeigniter and Phils RESTserver.
I need to have authentication working with oAuth but I cannot find a library
that works with both Codeigniter and MongoDB.
Is it simple to create the oAuth process myself? I know it is hard to answer
not knowing my level of expertise.
This is my understanding of the oAuth process.
1. User clicks on a link and is redirected to the server's login form.
2. User will be asked to authorize the developer's app.
3. If he does authorize it, he is redirected back to the developer's website.
4. On this website the code that he got from step 3 will be exchanged for an access token.
5. Developer's app will now be able to access the user's account on the server.
I know there are parameters to be sent along with the requests, like client_id, client_secret and redirect URL. But my question is: is it this easy to implement an oAuth server? Just create the classes and functions? What else are the requirements to be able to call the process a true oAuth authentication?
Thankful for all input!

Have you had a play with this?
https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server
Alex has also written a Mongo library, so if his server doesn't support Mongo out of the box then just have a play with that. Just because your API is in Mongo though doesn't mean the API keys, tokens, etc. HAVE to be in Mongo too, but they easily can be.
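As an added example (not code from the question or from the linked library), the steps listed in the question as an authorization server would implement them, with the checks that separate a real OAuth 2.0 code exchange from "just the classes": the redirect URI is matched against the one registered for the client, the code is random, short-lived, single-use and bound to the client that requested it, and the client secret is verified before the token is issued. The arrays stand in for MongoDB collections, and client ids, secrets, URIs and user ids are hypothetical placeholders.

```php
<?php
// Added example, not code from the question or the linked library: a minimal
// authorization-code issuance and exchange with the checks an OAuth 2.0 server
// must make. The arrays stand in for MongoDB collections; all names are hypothetical.
$clients = [ // secret stored hashed, redirect URI pinned at registration
    'app123' => ['secret_hash' => password_hash('s3cret', PASSWORD_DEFAULT),
                 'redirect_uri' => 'https://developer.example/callback'],
];
$codes = []; // code => [client_id, redirect_uri, user_id, expires, used]

// Steps 1-3: after the user logs in and approves, issue a short-lived, single-use
// code bound to the client and to the exact redirect URI it asked for.
function issueCode(array $clients, array &$codes, string $clientId, string $redirectUri, string $userId): ?string
{
    if (!isset($clients[$clientId]) || $clients[$clientId]['redirect_uri'] !== $redirectUri) {
        return null; // unknown client or redirect_uri mismatch: never redirect elsewhere
    }
    $code = bin2hex(random_bytes(32)); // unguessable, from a CSPRNG
    $codes[$code] = ['client_id' => $clientId, 'redirect_uri' => $redirectUri,
                     'user_id' => $userId, 'expires' => time() + 60, 'used' => false];
    return $code;
}

// Step 4: the developer's server exchanges the code for an access token.
function exchangeCode(array $clients, array &$codes, string $clientId, string $clientSecret,
                      string $code, string $redirectUri): ?array
{
    $client = $clients[$clientId] ?? null;
    if ($client === null || !password_verify($clientSecret, $client['secret_hash'])) {
        return null; // client authentication failed
    }
    $grant = $codes[$code] ?? null;
    if ($grant === null || $grant['used'] || $grant['expires'] < time()
        || $grant['client_id'] !== $clientId || $grant['redirect_uri'] !== $redirectUri) {
        return null; // unknown, replayed, expired, or presented by a different client
    }
    $codes[$code]['used'] = true; // a code is redeemed at most once
    return ['access_token' => bin2hex(random_bytes(32)), // opaque token, looked up server-side
            'token_type' => 'Bearer', 'expires_in' => 3600,
            'user_id' => $grant['user_id']]; // the resource owner this token acts for
}

$uri   = 'https://developer.example/callback';
$code  = issueCode($clients, $codes, 'app123', $uri, 'user42');
$first = exchangeCode($clients, $codes, 'app123', 's3cret', $code, $uri);
$again = exchangeCode($clients, $codes, 'app123', 's3cret', $code, $uri);
echo ($first !== null && $again === null) ? "exchange ok, replay rejected\n" : "unexpected\n";
```

In a real server the stored `user_id` on the token is what lets the resource endpoints decide whose data the client may read, which is the point of the user/client distinction discussed in the related questions below.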

Related

Multi-factor authentication through Microsoft Graph in Web app

I have an existing web application which is used for HR, managing tasks, sending forms and so on.
My client wants me to integrate Microsoft's multi-factor authentication when signing resources, forms and other stuff.
For now, the signing process is just a token that is generated and sent by email, so the users have to click a link to sign it. My goal here is to give users the possibility to also choose to sign whatever they're signing with multi-factor authentication through their own Microsoft account.
The only thing I've done so far is managing to log in and authorize with the Microsoft Graph API and get Calendar events and other stuff from the user.
Of course, I've googled a lot, but I haven't found the right documentation for my use case. So I need someone to pinpoint the right documentation for my use case. Can anyone help me with that?
Based on my investigation on this issue, I have not seen a direct way of signing files and other resources as well as enabling MFA via the Graph API. I however saw a feature request related to enabling MFA via a Graph API call here. Please consider upvoting it.

oAuth2 php Server Library: how to integrate it?

I'm trying to integrate oAuth2 in my website. I'm using the library of bShaffer on GitHub: https://github.com/bshaffer/oauth2-server-php
I've seen some screencasts about how oAuth2 works and so on, so I know enough things. But what I don't really understand is: how do I pass the username/email or other data about the user?
I mean: my website will be the identity provider and I need to authenticate the user to another website. Now, when the user logs in, how do I pass their username or something else?
I don't find anything about how to pass data in the oAuth2 Server php documentation. I just found something about how to pass the userID, but nothing more. Am I missing something?
Thanks.

Should I setup an OAuth2 Server?

I'm working on a project where I'm developing a platform. As a solo developer I made the decision to use Lumen as a PHP back-end and create a RESTful API.
Web shops should be able to install a plugin so they can access the API without having to code themselves.
I need to keep track of the web shops that use the API. I just need the same way to retrieve access tokens like Twitter and Facebook do when you register an app.
So I was thinking about OAuth2 Server but I have never used it before so I'm not sure if I'm on the right path...
If you want your own OAuth2 system then yes, you will need a server running it.
The idea of OAuth2 is to authenticate your clients, where a shop equals one client.
OAuth2 is not about individual users but clients. With that idea in mind you can set up an OAuth2 server and its only job would be to authenticate each request, make sure it belongs to a recognized client and then issue a token.
With that token you can then go on and issue more requests to actually interact with the system you are building. This is a very high level view of the entire system, of course.
There can be multiple variations on this, how tokens are issued, what type they are etc. I prefer JWT (JSON Web Tokens) as it's JSON and thus lightweight.
A quick search revealed this: http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/
I do have my own article on building your own OAuth2 system, however it is based on .NET, not PHP. You are welcome to use it though; maybe it will help clarify the concept.
Here's the link: https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/
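To make the answer's "authenticate the client, then issue a JWT" idea concrete, here is an added example (not code from the answer, the linked docs or the linked article) that issues an HS256 JSON Web Token for an authenticated client and verifies it on each API request. The subject is the shop's client id rather than a user, the verifier pins the algorithm instead of trusting the token's `alg` header, compares the signature in constant time, and rejects expired or foreign-issuer tokens. The signing key, issuer URL and client id are hypothetical placeholders.

```php
<?php
// Added example, not code from the answer or the linked articles: issuing and
// verifying an HS256 JWT as the access token for an authenticated client (a web
// shop), where the subject is the client id, not a user. Key and names are hypothetical.
const JWT_KEY = 'replace-with-a-long-random-secret-kept-server-side';
const JWT_ISS = 'https://api.example';
function b64url(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
function b64urlDecode(string $data): string
{
    $data .= str_repeat('=', (4 - strlen($data) % 4) % 4); // restore padding
    return base64_decode(strtr($data, '-_', '+/'), true) ?: '';
}
function issueJwt(string $clientId, array $scopes, int $ttl = 3600): string
{
    $now     = time();
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode(['iss' => JWT_ISS, 'sub' => $clientId,
        'scope' => implode(' ', $scopes), 'iat' => $now, 'exp' => $now + $ttl,
        'jti' => bin2hex(random_bytes(8))])); // unique id so a token can be revoked by id
    $sig = hash_hmac('sha256', "$header.$payload", JWT_KEY, true);
    return "$header.$payload." . b64url($sig);
}

// Verify on every API request; returns the claims, or null if the token is not acceptable.
function verifyJwt(string $jwt): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($header) || !is_array($claims) || ($header['alg'] ?? '') !== 'HS256') {
        return null; // pin the algorithm; never let the token choose how it is verified
    }
    if (!hash_equals(hash_hmac('sha256', "$h.$p", JWT_KEY, true), b64urlDecode($s))) {
        return null; // constant-time signature comparison
    }
    if (($claims['iss'] ?? '') !== JWT_ISS || ($claims['exp'] ?? 0) < time()) {
        return null; // wrong issuer or expired
    }
    return $claims;
}

$jwt = issueJwt('shop-17', ['orders:read']);
echo (verifyJwt($jwt)['sub'] === 'shop-17' && verifyJwt($jwt . 'x') === null) ? "ok\n" : "fail\n";
```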

oAuth 2.0 users vs clients?

I am implementing https://github.com/bshaffer/oauth2-server-php which is a library for PHP with oAuth 2.0. My question however is, as part of the installation there are two tables that are confusing me. One is user_table and the other is client_table. The way it works though is it uses the credentials from the client table to generate a key. So what I'm wondering is, what's the purpose of the user_table?
I already have an existing table for my users and I wanted to authenticate using the usernames and passwords in there, so I was wondering how I go about doing that. Thanks for any help; I am just trying to wrap my head around the purpose of the user table, especially since I don't see any use of it in the GitHub example.
That seems to be a framework for building an "OAuth2 Authorization Server". Assuming your app has "resources" that need protection (via an API), users of your app are the "Resource Owners". "Clients", on the other hand, are "clients of your API" (often 3rd party apps) that your users would want to give access to.
OAuth is in essence a resource access delegation system: user X from your app gives app Y access (through an API) to resource Z managed in your app and owned by X.
If all you want is to authenticate external users to your app, that is, outsourcing authentication to someone else (e.g. LinkedIn, Twitter, etc.), you are probably looking at the wrong framework.

oAuth authentication on every site visit

I'm trying to implement a transient oAuth authentication for a web app I'm creating. Essentially, the user needs to login with the Service each time they visit my web app. Primarily it's to enable using the web app without me having to store any of the user's authentication data. I'm trying to use the Tumblr API.
My platform of choice is PHP. However I've never really worked with oAuth before and am still learning. The following scenario illustrates what I'm trying to achieve:
The scenario assumes that:
- The user has already authorized my application in their Tumblr account.
- Using my Tumblr Consumer Key and Tumblr Consumer Secret, I call to get a request_token, which I later display to the user via a link.
- Now on clicking the link above, I expect Tumblr NOT to ask the user to allow the app again (authorize in their account) and simply redirect the user back, returning some info that will allow me to distinguish the user. There is no $_SESSION as the user is trying to log in to the website using Tumblr.
Is this even possible? If yes, can you help me figure out how to get this done?
PS: I'm a complete oAuth noob so please be gentle :)
If you are trying to use Tumblr in a way similar to Facebook Connect, Tumblr does not offer this feature at the moment, i.e. you cannot use Tumblr to log into your site.
Tumblr's OAuth implementation will allow you to have the user allow access for your app to the user's account indefinitely. Which means that your app will always be able to access the user's account, whether they are logged into your site or not. They will still have to log into your site each time they want to access your app.
Here is a solid guide to OAuth. Tumblr uses OAuth 1.0: http://hueniverse.com/oauth/
