Hey all, I've joined the list because I'd like to use OAuth 2 to implement security for a new set of REST APIs I'm developing for a client. I'm coding with PHP, but my questions are more general. Right now, there will be only one web site that uses the APIs, in a server-to-server fashion, and currently we don't have a need for a third party application to gain access to user data, such that a user would need to authorize that app. We do, however, want to have that ability down the road. My question is, can I still use OAuth 2 in some way to implement our first phase? From what I've read, it seems like the "client credentials" flow is the one I want to use for now. Can someone:
1) Confirm that that's what I should use for this first phase? 2) Point me to an implementation of this flow (in any language) that I could use or port to PHP? I've found some libraries for php but can't really tell, being new, if they offer the "client credentials" flow 3) Answer one more question.. Will using the client credentials flow now allow me to move to one of the user-authorizes-external-app flows down the road without having to reimplement or throw away the client credentials flow code? I apologize for all the questions, but these would really help point me in the right direction.. Thank you for reading! Sincerely, Pete _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
