
Adding OAuth 2.0 authentication to a RESTful API


As far as I understand your requirement, you need to authenticate your APIs via an external OAuth Authorization Server:

  • Client needs to provide the access token retrieved in the above steps along with the request to access the protected resource. Access token will be sent as an authorization parameter in the request header.

  • Server will authenticate the request based on the token.

  • If the token is valid then the client will get access to the protected resource, otherwise access is denied.

Here is an example which might help you to achieve your requirement. Check this document.

Or, more simply, you can do it with Jersey and OAuth.

Also, you can check Apache Oltu and figure out the way to achieve your requirement.


A lot of the big companies like Google, Facebook etc. have a separate authorization server from the API server. Check out Google's OAuth authorization flow: Google OAuth Authorization.

You can also check Google's OAuth Documentation for the details.

So all you would need to do is implement an OAuth Provider so that you can authorize against that provider. There's a list of libraries available on the OAuth website: http://oauth.net/code. You can specifically look here; there is an example for running an OAuth Service Provider in Java.


oAuth can most definitely be a server other than your application server. Below is a picture of what the authentication sequence would look like:

[image: authentication sequence diagram]

-- Obviously, if the forum can't decode or validate the token, the forum would return a 401 status code instead of a 200 status code.

As long as your oAuth server & the Forum share the same public key, you're more than okay with splitting your oAuth Server & your application.

In fact, take a look at jwt.io. Paste the token you get from the oAuth server into there. It should be able to decode the token right away. Then, you can put your public key into the 'secret' text box to verify the token.

Your application (Forum, in this example) should be able to do the same:

1) Grab the token from the Authorization header of the request

2) Decode the token

3) Check the expire date

4) Verify the token using the oAuth's public key

5) Return successful status code or a failure status code
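The flow described in the first answer (token in the request header, server validates, access granted or denied) and the five steps in this answer, as an added example that is not code from any of the answers or from Jersey/Oltu. It uses only the Go standard library: `mintToken` stands in for the separate oAuth server (it holds the private key), and `StatusForRequest` is the Forum side, which only ever sees the public key. The key pair, the `sub`/`exp` claims and the `Bearer` header format are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Claims is the minimal JWT payload the Forum cares about (assumed for the example).
type Claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"` // expiry as a Unix timestamp
}

// mintToken plays the oAuth server: it issues an RS256-signed JWT with its private key.
func mintToken(priv *rsa.PrivateKey, sub string, exp time.Time) (string, error) {
	enc := base64.RawURLEncoding
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	pl, _ := json.Marshal(Claims{Sub: sub, Exp: exp.Unix()})
	signingInput := enc.EncodeToString(hdr) + "." + enc.EncodeToString(pl)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + enc.EncodeToString(sig), nil
}

// VerifyToken plays the Forum: decode the token, verify the signature with the
// oAuth server's public key, then check the expiry. The signature is checked
// before any claim is trusted, so a tampered payload never reaches the exp check.
func VerifyToken(pub *rsa.PublicKey, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	enc := base64.RawURLEncoding
	hdrBytes, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, errors.New("bad header encoding")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	// Pin the algorithm: never let the token choose "none" or an HMAC alg.
	if err := json.Unmarshal(hdrBytes, &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature does not verify")
	}
	plBytes, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("bad payload encoding")
	}
	var claims Claims
	if err := json.Unmarshal(plBytes, &claims); err != nil {
		return nil, errors.New("bad payload")
	}
	if claims.Exp == 0 || !now.Before(time.Unix(claims.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &claims, nil
}

// StatusForRequest implements steps 1-5 for one request: grab the token from the
// Authorization header, validate it, and return 200 on success or 401 otherwise.
func StatusForRequest(pub *rsa.PublicKey, authHeader string, now time.Time) int {
	const prefix = "Bearer "
	if !strings.HasPrefix(authHeader, prefix) {
		return http.StatusUnauthorized
	}
	if _, err := VerifyToken(pub, strings.TrimPrefix(authHeader, prefix), now); err != nil {
		return http.StatusUnauthorized
	}
	return http.StatusOK
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // oAuth server's key pair (constructed)
	tok, _ := mintToken(priv, "alice", time.Now().Add(time.Hour))
	fmt.Println("valid token:", StatusForRequest(&priv.PublicKey, "Bearer "+tok, time.Now()))
	fmt.Println("no header:  ", StatusForRequest(&priv.PublicKey, "", time.Now()))
}
```

The Forum never needs the private key, which is exactly why the oAuth server and the application can be split: the only thing they share is the public key. Note that the example verifies the signature before reading `exp`; checking expiry first (step 3 before step 4) is harmless only because an attacker who can forge the payload could also forge `exp`, so the signature check is what makes the other checks meaningful.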