Phalcon 2.0 oAuth2 secure REST API

I have never used oAuth2, but I have seen that this is a good way to secure web services and authorize certain applications to use certain web services. But I don't know where to start.

I read some articles about oAuth, and I checked some GitHub repositories and tutorials, but I don't know how I can use them.

Could you help me to understand oAuth2 and whether this is a good way to secure my REST API?

Hi, the simple info about oAuth2 you can see here: oauth2

More or less, it's all about getting a secure way between your app and a service to access some goods from them. You can achieve it by getting a token from the service, which makes you a friendly authorized user.

For example in my e-commerce I have integrated some payments on-line, and there I had to use oAuth2 to create payments in my App.

edited Jan '17

Thanks for your answer. Do you have a snippet to implement oAuth2 on my REST API? I don't know how I can add oAuth2 to Phalcon.

There are a few different ways. I used namespaces.

I registered a namespace of my OAuth2 class

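<?php
$loader = new \Phalcon\Loader();

// Map each namespace prefix to the directory that holds its classes
$loader->registerNamespaces(array(
    'App\Backend\Controllers' => '../app/backend/controllers/',
    'App\Backend\Models'      => '../app/backend/models/',
    'PayPal'                  => '../app/xxx/PayPal/', // I had the oAuth2 class included in the PayPal class
));
$loader->register();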

Then in Controller:


<?php
use PayPal\Auth\OAuthTokenCredential; // including the OAuth class
use PayPal\Rest\ApiContext;           // needed for the ApiContext used below

class IndexController extends \Phalcon\Mvc\Controller
{
    public function authAction()
    {
        // Client ID and secret issued by the service; load real values from configuration, not source code
        $oAuthToken = new OAuthTokenCredential(
            'hashClientID',
            'hashClientSecret'
        );

        // using some service with the oAuth2 token, for example the PayPal API
        $apiContext = new ApiContext($oAuthToken);
        $apiContext->setConfig(
            array(
                // some configurations
            )
        );

        // ... ($payment is built here; omitted in the original post)

        try {
            // Create payment
            $payment->create($apiContext);
        } catch (Exception $ex) {
            // errors
        }
    }
}



Great Link! recommended for everyone!

I'd recommend you consider HMAC for your API auth, it's much more simple and not less secure.
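
One way the HMAC approach suggested in the post above could look in plain PHP, as an added example that is not code from any poster in this thread: the client signs the method, path, timestamp and body hash with a shared secret, and the server recomputes the signature and compares it. The canonical string layout, the 300-second window, the client id and the secret are assumptions made for illustration.

```php
<?php
// Added example, not code from this thread. The canonical string layout,
// the 300-second window and all sample values below are assumptions.

const MAX_SKEW_SECONDS = 300;

/** Build the string both sides sign: method, path, timestamp and body hash. */
function canonicalRequest(string $method, string $path, int $timestamp, string $body): string
{
    return implode("\n", [strtoupper($method), $path, (string) $timestamp, hash('sha256', $body)]);
}

/** Client side: compute the signature that travels with the request. */
function signRequest(string $secret, string $method, string $path, int $timestamp, string $body): string
{
    return hash_hmac('sha256', canonicalRequest($method, $path, $timestamp, $body), $secret);
}

/** Server side: look up the client's secret, check freshness, compare in constant time. */
function verifyRequest(array $secrets, string $clientId, string $signature,
                       string $method, string $path, int $timestamp, string $body, int $now): bool
{
    if (!isset($secrets[$clientId])) {
        return false;                              // unknown client
    }
    if (abs($now - $timestamp) > MAX_SKEW_SECONDS) {
        return false;                              // stale or future-dated request
    }
    $expected = signRequest($secrets[$clientId], $method, $path, $timestamp, $body);
    return hash_equals($expected, $signature);     // avoids timing side channels
}

// Constructed sample data.
$secrets = ['app-1' => 'constructed-demo-secret'];
$now     = 1700000000;
$body    = '{"amount":10}';
$sig     = signRequest($secrets['app-1'], 'POST', '/api/payments', $now, $body);

// Case 1: request exactly as signed.
var_dump(verifyRequest($secrets, 'app-1', $sig, 'POST', '/api/payments', $now, $body, $now));
// Case 2: body altered after signing.
var_dump(verifyRequest($secrets, 'app-1', $sig, 'POST', '/api/payments', $now, '{"amount":9999}', $now));
// Case 3: same request presented an hour later.
var_dump(verifyRequest($secrets, 'app-1', $sig, 'POST', '/api/payments', $now, $body, $now + 3600));
```

The timestamp check narrows the replay window; rejecting repeats inside the window requires tracking nonces per client, which is outside this example.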

I've heard about json web tokens

Has anyone used this method of authentication?




I don't use that, but it's the 3rd time I've seen a JWT question ;) If you need to be multiplatform I think that's a good idea, but if you have to exchange data between Phalcon instances you can use https://docs.phalcon.io/en/3.0.1/api/Phalcon_Crypt.html

Thanks for your answers but really... I don't know where to start with oAuth2 and how to implement it in my REST API. JWT and HMAC look very nice.

Try to paste some of your code. Would be helpful

Hi, if someone is still searching for a ready-made solution for oauth2 + REST API, I made a basic functionality core with user roles / permissions and integrated 2FA (Google or PIN, or you can implement your own). You can get it at https://github.com/bilikaz/phalcon-rest-api (yep, it lacks documentation and tests, but for general purposes I guess it will help lots of people ;))