OAuth Explained
Intro
In this article I would like to describe the implementation of an OAuth2 client. Please keep in mind that this is not an authentication provider. To authenticate against third-party services there are well-maintained bundles that do just that. My goal is to provide a solution for consuming the API of the OAuth2 server we built in the previous articles.
Preliminary note: These posts have been copied from blog.tankist.de. As the site is down, I thought it was a pity that such a good tutorial should disappear. Enjoy it :)
- Part 1 – Principles and Terminology
- Part 2 – Setting up OAuth2 with Symfony2 using FOSOAuthServerBundle
- Part 3 – Using OAuth2 with your bare hands
- Part 4 – Implementing Custom Grant Type
- Part 5 – Implementing OAuth2 Client with Symfony2
Summary
Implementing custom authorisation mechanisms with OAuth2 and Symfony2 using FOSOAuthServerBundle is really easy. Another case where you need this is an API that backs a mobile app offering Facebook login: the user who logged in on the mobile app must somehow be logged in on the backend as well. The correct way to do this is to pass the Facebook access token to the backend through a custom grant extension. The backend then makes a request to Facebook to make sure the token is valid, identifies the user from it, and returns to the mobile app an access_token with a backend user associated to it.
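The exchange described above, written out as a language-agnostic illustration in Python rather than as Symfony/FOSOAuthServerBundle code (this is an added example, not from the original post). The Facebook introspection response, the user and token stores, the grant-type URI and the app id are all constructed stand-ins; a real backend would call Facebook's Graph API and its own database at those points. The example also shows the checks a custom grant handler needs that the summary only implies: the third-party token must be unexpired and must have been issued for this app, and the same Facebook identity must always map to the same backend user.

```python
import secrets
import time
from dataclasses import dataclass, field

# Constructed stand-in for Facebook's token introspection response: maps a
# Facebook access token to the app it was issued for, the Facebook user id
# and its expiry. A real backend would query Facebook's Graph API instead.
FAKE_FACEBOOK_INTROSPECTION = {
    "fb-token-valid":     {"app_id": "app-ours",  "user_id": "fb-42", "expires_at": 2_000_000_000},
    "fb-token-other-app": {"app_id": "app-other", "user_id": "fb-7",  "expires_at": 2_000_000_000},
    "fb-token-expired":   {"app_id": "app-ours",  "user_id": "fb-42", "expires_at": 1},
}
OUR_FACEBOOK_APP_ID = "app-ours"  # hypothetical: the Facebook app id of this backend
FACEBOOK_GRANT_URI = "http://example.com/grants/facebook_access_token"  # hypothetical grant type URI
ACCESS_TOKEN_TTL = 3600


class GrantError(Exception):
    """Raised when the custom grant cannot be honoured; the message is the OAuth2 error code."""


def verify_facebook_token(fb_token, now):
    """Return the Facebook user id if the token is known, unexpired and issued
    for our app; otherwise None. Checking app_id matters: a token issued to a
    different app must not log anyone in here."""
    info = FAKE_FACEBOOK_INTROSPECTION.get(fb_token)
    if info is None or info["app_id"] != OUR_FACEBOOK_APP_ID or info["expires_at"] <= now:
        return None
    return info["user_id"]


@dataclass
class UserStore:
    """Backend users keyed by their linked Facebook id (constructed in-memory store)."""
    by_facebook_id: dict = field(default_factory=dict)
    next_id: int = 1

    def find_or_create(self, fb_user_id):
        user_id = self.by_facebook_id.get(fb_user_id)
        if user_id is None:
            user_id = f"user-{self.next_id}"
            self.next_id += 1
            self.by_facebook_id[fb_user_id] = user_id
        return user_id


@dataclass
class TokenStore:
    """Backend access tokens -> user id, client id and expiry (constructed in-memory store)."""
    tokens: dict = field(default_factory=dict)

    def issue(self, user_id, client_id, now):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user_id": user_id, "client_id": client_id,
                              "expires_at": now + ACCESS_TOKEN_TTL}
        return token

    def resolve(self, token, now):
        """Return the backend user for a token, or None if unknown or expired."""
        rec = self.tokens.get(token)
        if rec is None or rec["expires_at"] <= now:
            return None
        return rec["user_id"]


def facebook_grant(client_id, input_data, user_store, token_store, now=None):
    """Handle one token request for the custom grant: validate the Facebook
    token, map it to a backend user and issue a backend access token."""
    now = time.time() if now is None else now
    if input_data.get("grant_type") != FACEBOOK_GRANT_URI:
        raise GrantError("unsupported_grant_type")
    fb_token = input_data.get("facebook_access_token")
    if not fb_token:
        raise GrantError("invalid_request")
    fb_user_id = verify_facebook_token(fb_token, now)
    if fb_user_id is None:
        raise GrantError("invalid_grant")
    user_id = user_store.find_or_create(fb_user_id)
    return {
        "access_token": token_store.issue(user_id, client_id, now),
        "token_type": "bearer",
        "expires_in": ACCESS_TOKEN_TTL,
    }
```

The response dictionary is what the mobile app receives; from then on it uses the backend's own access_token, never the Facebook one, to call the API.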