Saturday, 15 September 2012

php - How to use OAuth2 Browser based authentication, and then verify the record on the server




I have a browser-based app (single page, AngularJS), using hello to utilize 3rd-party sign-in such as Google, FB, SoundCloud, etc.

My app uses a PHP API server.

What's the way to have the user able to log in using Google, and verify the user on the server side?

I am considering:

The browser app performs an implicit grant with Google/FB/etc. I then transfer the access_token from the client to the server, and then use, for example, google-api-php-client with the app ID, secret and the user access_token? Using an API such as /me? (Which grant type would this be?) Retrieve some key from the third party (facebook_id, email, etc.), match it against a user in my database, and then consider the user authenticated?

Also, should I perform this on each API request? Or should I stash the access_token for a bit and assume the user is still valid until the key expires?

One issue is that not all of the providers support the implicit flow. But assuming they do, the access_token from each is proof that the user authenticated with that system, not that they have access to call your API. You still need something that asserts "someone@gmail.com can 'read' resource X in your system".

You need something that translates whatever you get from Google, SoundCloud, etc. into a token your app understands. A simple(r) format is to use JWT (JSON Web Tokens).

    App -> Intermediary -> SoundCloud/Google
       <--JWT--+      <---whatever---+

And then:

    App - (JWT) -> API

JWT is easy to manipulate, validate and verify. See jwt.io

You might want to look at this blog post for additional info (specifically on AngularJS front-ends).

php angularjs oauth-2.0
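The intermediary-to-API flow from the answer, as an added example that is not part of the original post: the intermediary mints a short-lived HS256 JWT for a provider profile it has already verified server-side, and the API accepts it only if the signature, expiry and required scope all check out. The function names, claim layout, scope strings, secret and sample profile are assumptions made for illustration.

```php
<?php
// Added example: HS256 JWT mint/verify using only PHP built-ins (PHP 7.1+).
// Function names, claim names, scopes and sample data are assumptions.
function b64url_encode(string $d): string {
    return rtrim(strtr(base64_encode($d), '+/', '-_'), '=');
}
function b64url_decode(string $d) { // returns false on malformed input
    $d .= str_repeat('=', (4 - strlen($d) % 4) % 4);
    return base64_decode(strtr($d, '-_', '+/'), true);
}
// Intermediary: call only after the provider token was checked server-side.
function mint_jwt(array $profile, array $scopes, string $secret, int $now, int $ttl = 900): string {
    $claims = [
        'sub'   => $profile['provider'] . '|' . $profile['id'],
        'email' => $profile['email'],
        'scope' => implode(' ', $scopes), // what this user may do in YOUR system
        'iat'   => $now,
        'exp'   => $now + $ttl,
    ];
    $input = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']))
           . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}
// API: returns the claims when the token is valid and grants $scope, else null.
function verify_jwt(string $jwt, string $secret, string $scope, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $c, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm; never let the token pick it (rejects "none").
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$h.$c", $secret, true);
    if (!hash_equals($expected, (string) b64url_decode($s))) return null;
    $claims = json_decode((string) b64url_decode($c), true);
    if (!is_array($claims)) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    if (!in_array($scope, explode(' ', $claims['scope'] ?? ''), true)) return null;
    return $claims;
}
// Constructed sample data.
$secret  = 'replace-with-a-long-random-server-side-secret';
$profile = ['provider' => 'google', 'id' => '1234567890', 'email' => 'someone@gmail.com'];
$now     = time();
$jwt     = mint_jwt($profile, ['read:resource-x'], $secret, $now);

var_dump(verify_jwt($jwt, $secret, 'read:resource-x', $now));         // granted scope
var_dump(verify_jwt($jwt, $secret, 'write:resource-x', $now));        // scope not granted
var_dump(verify_jwt($jwt, $secret, 'read:resource-x', $now + 3600));  // past expiry
var_dump(verify_jwt($jwt . 'x', $secret, 'read:resource-x', $now));   // altered signature
```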
