Vishal Suri

Reputation: 455

OAuth2 for PHP REST web service security

We are working on a PHP REST web service in our web app. The web service returns output in JSON format. Currently, anybody can view the web service's output from a URL. For example:

https://www.example.com/services/contacts/1000

Using the above URL, anybody can view contact details for contact id 1000.

We have an authentication system in the web app which uses a simple email/password combination.

How can we use OAuth2 for authentication for the PHP REST web service? If I am correct, this has nothing to do with Google.

Upvotes: 0

Views: 2520

Answers (1)

Rael Gugelmin Cunha

Reputation: 3542

Usually OAuth2 providers offer 4 authentication flows to use:

  • Authorization Code,
  • Implicit,
  • Resource Owner Password Credentials and
  • Client Credentials

If you want more details, you can read this nice post with explanation.

The first flow - Authorization Code - is the perfect one to use with web server applications (like yours, using server-side code with PHP).

You'll exchange data with the OAuth2 provider inside your PHP script using the cURL functions to send and read sensitive data.

Upvotes: 0
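
The server-side exchange described in the answer above, sketched as an added example (not part of the original answer and not any provider's own code). The endpoint URLs, client id, callback path and the `OAUTH_CLIENT_SECRET` environment variable are placeholders assumed for illustration; the request parameters are the standard ones for the Authorization Code grant.

```php
<?php
// Placeholders (assumptions): replace with the values your OAuth2 provider issues.
const AUTH_URL     = 'https://auth.example.com/oauth/authorize';
const TOKEN_URL    = 'https://auth.example.com/oauth/token';
const CLIENT_ID    = 'my-client-id';
const REDIRECT_URI = 'https://www.example.com/callback.php';
session_start();

// Step 1: no code yet, so send the browser to the provider with a random state.
if (!isset($_GET['code'])) {
    $_SESSION['oauth_state'] = bin2hex(random_bytes(16));
    header('Location: ' . AUTH_URL . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'state'         => $_SESSION['oauth_state'],
    ]));
    exit;
}

// Step 2: reject a callback whose state is not the one issued above (CSRF check).
$expected = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']); // single use
if ($expected === '' || !hash_equals($expected, (string)($_GET['state'] ?? ''))) {
    http_response_code(400);
    exit('Invalid state');
}

// Step 3: exchange the code for a token server-to-server, so the secret never reaches the browser.
$ch = curl_init(TOKEN_URL);
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS     => http_build_query([
        'grant_type'    => 'authorization_code',
        'code'          => (string)$_GET['code'],
        'redirect_uri'  => REDIRECT_URI,
        'client_id'     => CLIENT_ID,
        'client_secret' => getenv('OAUTH_CLIENT_SECRET'), // kept out of source control
    ]),
]);
$body   = curl_exec($ch); // false on transport failure
$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
$token  = json_decode((string)$body, true);
if ($status !== 200 || !isset($token['access_token'])) {
    http_response_code(502);
    exit('Token exchange failed');
}
$_SESSION['access_token'] = $token['access_token']; // stored server-side only
```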
