Reputation: 85
Handling Multiple OAuth2 Tokens
I'm curious about using two APIs that both utilize OAuth2 authentication in the same application. A simple webpage as an example would work just fine in this case.
I tried to find resources to explain the use of the OAuth2 tokens and how they relate to the session. Do you have multiple tokens for multiple APIs? Can you modify a token in session so that it relates to multiple APIs? Even if you can do that, is it a good practice to do so?
I've looked at a couple of OAuth2 implementations with PHP and the GMail example, but haven't found anything to explain it as well as I'd like.
Any information or links to information would be greatly appreciated. Thanks.
Upvotes: 0
Views: 323
Answers (1)
Reputation: 2176
You have two options: the first is to request authorization for each API (say Drive and G+, etc), but the second option is to enhance the scope of your first request to include both.
In the G+ Platform docs, step 2 of Basic Steps explains that you are allowed to use multiple scopes in a request: https://developers.google.com/accounts/docs/OAuth2
Ideally, your user will only need to grant access one time for everything you need.
Upvotes: 3
Related Questions
- Correctly storing Google OAuth access token
- google OAuth 2 new tokens always expired
- Handling multiple google signed-in users using oAuth
- Google+: Get access_token for already authorized accounts through PHP client library
- Google Authentication Using PHP Library OAuth 2.0
- Multiple OAuth2 access tokens for single application?
- Check if user has already logged-in via google API oauth2
- Google OAuth - how to reuse access token
- Google with oauth 2
- oAuth with PHP (for google api)