Reputation: 195
I am trying to build a ZendFramework2 Rest API and want to implement two-legged OAuth2 authentication.
I have been looking around and cannot find any resources to help point me in the right direction with this.
Has anyone done this before or know of a good source I am missing?
Upvotes: 1
Views: 82
Reputation: 44356
In OAuth you can make access tokens client specific by assigning a client_id. This client_id can be stored in some local storage on the client side and reused on the next user login from that client.
When the user logs in for the first time from a new client (no client_id in the storage for this user), then a new client_id is created and some 2nd verification step can be added to this part of the authentication process, for example sending a text message to his phone number. You could add an expires_at field to the client table so that you can repeat this process if the client_id has expired.
Upvotes: 2
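The server-side decision described in the answer above, as an added Python example that is not part of the original post: a known, unexpired client_id logs in directly, anything else needs the second verification step before a new client_id is issued. The names `ClientRegistry` and `login`, the 30-day lifetime, the in-memory dict standing in for the client table, and storing only a SHA-256 hash of the client_id are assumptions of this example.

```python
import hashlib
import secrets
from datetime import timedelta

# Assumed lifetime; the answer only says the client table has an expires_at field.
CLIENT_TTL = timedelta(days=30)


class ClientRegistry:
    """In-memory stand-in for the client table: (user_id, client_id hash) -> expires_at."""

    def __init__(self):
        self._rows = {}

    @staticmethod
    def _digest(client_id):
        # Choice of this example: keep only a hash so a leaked table
        # does not hand out usable client_id values.
        return hashlib.sha256(client_id.encode()).hexdigest()

    def is_known(self, user_id, client_id, now):
        """True only if this client_id was issued to this user and has not expired."""
        if not client_id:
            return False
        expires_at = self._rows.get((user_id, self._digest(client_id)))
        return expires_at is not None and now < expires_at

    def enroll(self, user_id, now):
        """Issue a new client_id. Call only after the second step succeeded."""
        client_id = secrets.token_urlsafe(32)
        self._rows[(user_id, self._digest(client_id))] = now + CLIENT_TTL
        return client_id


def login(registry, user_id, presented_client_id, now, second_factor_ok=False):
    """Outcome of a login whose primary credential check already passed.

    Returns (status, client_id_to_store); status is "ok" or "verify".
    "verify" means: run the second step (e.g. text message), then call again
    with second_factor_ok=True.
    """
    if registry.is_known(user_id, presented_client_id, now):
        return "ok", presented_client_id
    if second_factor_ok:
        return "ok", registry.enroll(user_id, now)
    return "verify", None
```

The lookup is keyed on the user as well as the client_id, so a client_id copied from one account's device does not skip the second step for another account.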