elha

Reputation: 223

Authenticate Restful cakePHP 2.3

I have two cakePHP apps on 2 different servers. One app is required to get data from the first one; I have succeeded to put the Restful architecture in place but I failed to implement an authentication procedure to the requests the server sends. I need to authenticate to secure the data. I have looked around on the web but can't seem to get it working. Can anyone point me to a resource / tutorial that explains this in detail. What I would ultimately need would be a way to authenticate my server every time it sends a request to the other server. Any help would be appreciated.

Upvotes: 1

Views: 1319

Answers (1)

elha

Reputation: 223

I finally got it to work after some research; indeed one of the solutions is OAuth. In case you are facing the same problem, I can advise you to use this Plugin made for CakePHP. In detail, what I did was put the OAuth Plugin into my API Server and I used it like so for my restful controller:

class RestObjectController extends AppController {
    public $components = array('RequestHandler', 'OAuth.OAuth');
    public $layout = FALSE;

    // Token endpoint: issues an access token for valid client credentials.
    public function token() {
        $this->autoRender = false;
        try {
            $this->OAuth->grantAccessToken();
        } catch (OAuth2ServerException $e) {
            $e->sendHttpResponse();
        }
    }

    // Protected resource: only reachable with a valid access token.
    public function index() {
        $objects = $this->Object->find('all');
        $this->set(array(
            'objects' => $objects,
            '_serialize' => array('objects')
        ));
    }
}

The function RestObject.token() is what I would call to get an access token, which will be used to give me access to the resources in my controller. (Note that by declaring OAuth in my controller components, all the resources within my controller will need an access token to be accessible.) So on the client server I would get an access token in the following way:

public function acquireAccessToken(){
    $this->autoRender = FALSE;
    App::uses('HttpSocket', 'Network/Http');
    $httpSocket = new HttpSocket(); // socket used for the token request
    $link = API_SERVER."rest_objects/token";
    // client_credentials grant: the client authenticates with its own id/secret
    $data = array(
        'grant_type' => 'client_credentials',
        'client_id' => 'xxxx',
        'client_secret' => 'xxxx'
    );
    $response = $httpSocket->post($link, $data);
    if($response->code == 200){
        $data = json_decode($response->body, true);
        return $data['access_token'];
    }
    return FALSE;
}

This assumes that you have clients already set up as explained in the Plugin Doc (replace xxxx by the real values for the client credentials). Once I have my access token, all I have to do is use it as follows:

public function test(){
    $this->layout = FALSE;
    App::uses('HttpSocket', 'Network/Http');
    $httpSocket = new HttpSocket();
    if($access_token = $this->acquireAccessToken()){
        $link = API_SERVER."rest_objects.json"; // the index action, as an example
        $data = array('access_token' => $access_token); // token sent as a query parameter
        $response = $httpSocket->get($link, $data);
    }
}

And here you have it! So start by reading the OAuth Specification to understand the protocol (in particular the Obtaining Authorization part), see which protocol (can be different from the one I used) applies and adapt to your case by using the Plugin.

Tutorial Here

Upvotes: 1
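A client-side helper for the client_credentials flow described in this answer, added here as an example (it is not the answer's code nor the plugin's): it caches the token until shortly before it expires and sends it in an Authorization header instead of the query string, so it does not end up in access logs or proxy logs. It assumes CakePHP 2.3's HttpSocket SSL options, that API_SERVER is an https URL, that the client id and secret are read from Configure under the (hypothetical) keys OAuthClient.id and OAuthClient.secret, and that the server accepts the token in an Authorization: Bearer header as RFC 6750 specifies.

```php
<?php
// Added example, not from the original post. Assumes API_SERVER is an https
// base URL, the client credentials live in Configure (hypothetical keys
// OAuthClient.id / OAuthClient.secret) rather than in source, and the token
// endpoint returns JSON with access_token and expires_in.
App::uses('HttpSocket', 'Network/Http');

class ApiClient {
    protected $_http;
    protected $_token = null;
    protected $_expiresAt = 0;

    public function __construct() {
        // A bearer token is a credential: refuse plaintext and unverified TLS.
        if (strpos(API_SERVER, 'https://') !== 0) {
            throw new RuntimeException('API_SERVER must use https');
        }
        $this->_http = new HttpSocket(array(
            'ssl_verify_peer' => true, 'ssl_verify_host' => true,
        ));
    }

    protected function _token() {
        // Reuse the cached token until 30 seconds before it expires.
        if ($this->_token !== null && time() < $this->_expiresAt - 30) {
            return $this->_token;
        }
        $response = $this->_http->post(API_SERVER . 'rest_objects/token', array(
            'grant_type' => 'client_credentials',
            'client_id' => Configure::read('OAuthClient.id'),
            'client_secret' => Configure::read('OAuthClient.secret'),
        ));
        $body = json_decode($response->body, true);
        if (!$response->isOk() || empty($body['access_token'])) {
            throw new RuntimeException('token request failed: HTTP ' . $response->code);
        }
        $this->_token = $body['access_token'];
        $this->_expiresAt = time() + (int)(isset($body['expires_in']) ? $body['expires_in'] : 0);
        return $this->_token;
    }

    public function get($path, array $query = array()) {
        // Send the token in the Authorization header, not the query string,
        // so it does not land in access logs, proxies or Referer headers.
        $response = $this->_http->get(API_SERVER . $path, $query, array(
            'header' => array('Authorization' => 'Bearer ' . $this->_token()),
        ));
        return json_decode($response->body, true);
    }
}
```

From a controller action, `$objects = (new ApiClient())->get('rest_objects.json');` replaces the token-in-query call shown in the test() action above; a 401 response means the token was rejected and a fresh one should be requested.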
