1
votes

I would like to build a standalone API that would at first serve an old-fashioned non-single-page web application and, in the future, a mobile app or an AngularJS-powered front end.

For the authentication I was thinking of OAuth2 with my own server: https://github.com/lucadegasperi/oauth2-server-laravel

Should I set up three different applications: one for the OAuth server just for authentication, one for the "webapp" (controllers and views) and one for the API? I guess the API would take care of all user data except the password?

Should I save the auth token in a cookie/session in my webapp and send it to the API in every request?

2 Answers

0
votes

I am curious about this as well.

I have been doing some research and I have found that if you want to have your own OAuth2 server then you should use http://oauth2.thephpleague.com/. I recommend implementing this and not using a wrapper that someone already wrote. The reason is that you will learn more about OAuth2 and it doesn't take a lot of time.

You will then need to use the OAuth2 client to connect to your server. You should use Guzzle to send the requests.

So if my understanding is correct, then you would have your API backend server, authentication server, and your front-end server.

-1
votes

For authentication, consider using Laravel/Socialite.