Thanks Shane! Would love to check out your product.. Can you send a link? -- Message typed on a tiny keyboard. Forgive me for any typos!
On Feb 29, 2012, at 9:59 PM, Shane B Weeden <[email protected]> wrote: > 1. Yes, client credentials sounds right for what you described. Think of it > as lightweight b2b authentication in that sense (but two steps - one to get > a token, and another to use it). > 2. Can't help you with source - but do have a product-based solution :) > 3. Absolutely it should for the resource server, but the answer may depend > have same dependency on the implementation you use. > > Regards, > Shane. > > > > From: Pete Clark <[email protected]> > To: "[email protected]" <[email protected]> > Date: 29/02/2012 06:50 PM > Subject: [OAUTH-WG] Securing APIs with OAuth 2.0 > Sent by: [email protected] > > > > Hey all, I've joined the list because I'd like to use OAuth 2 to implement > security for a new set of REST APIs I'm developing for a client. I'm > coding with PHP, but my questions are more general. Right now, there will > be only one web site that uses the APIs, in a server-to-server fashion, and > currently we don't have a need for a third party application to gain access > to user data, such that a user would need to authorize that app. We do, > however, want to have that ability down the road. My question is, can I > still use OAuth 2 in some way to implement our first phase? From what I've > read, it seems like the "client credentials" flow is the one I want to use > for now. Can someone: > > 1) Confirm that that's what I should use for this first phase? > 2) Point me to an implementation of this flow (in any language) that I > could use or port to PHP? I've found some libraries for php but can't > really tell, being new, if they offer the "client credentials" flow > 3) Answer one more question.. Will using the client credentials flow now > allow me to move to one of the user-authorizes-external-app flows down the > road without having to reimplement or throw away the client credentials > flow code? > > I apologize for all the questions, but these would really help point me in > the right direction.. Thank you for reading! > > Sincerely, > Pete > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
