
Securing a REST API written in PHP with OAuth2 client credentials flow


Heidar,

I am currently working on a similar project and this is what I found so far.

OAuth is officially to authorize a website with another resource on the web. Facebook found the whole separation of authorization and authentication too confusing for its developer base, and started using OAuth for both. Since it is a major player, developers have been tagging along.

Even though I am not really sure what you mean by the identity part in your statement that you need "identity, authentication and authorisation", you can use OAuth for the other two, deduced from the fact that all big internet companies do so (best I can do for you on this front; the OAuth docs say it is only for authorization).

Google offers a client library that is maintained quite well: http://code.google.com/p/google-api-php-client/wiki/OAuth2

Furthermore, for a server-side library I would turn to oauth2-php, as you refer to, at https://github.com/quizlet/oauth2-php. But please see this post for more details: Are there OAuth 2 server side PHP or Java implementations?

And on the part of the 3-legged authentication, please see the answer here (it's really extensive but explains it well): OAuth 2.0: Benefits and use cases — why?

Please keep in mind though that I am still struggling with actually implementing this.