Best way to use OAuth to apply

I am creating an AngularJS app with a Laravel API. I've been looking into authentication for a couple of days, but I'm stuck.

I found OAuth 2.0 as a kind of default authentication, also used by Facebook, Twitter, and so on. Lots of the tutorials I've found deal with using OAuth 2.0 with Facebook, Twitter or Google. However, I don't want to authenticate the user with Facebook; I want to create my own authentication using the user's credentials in my own database. Therefore, I think I need my own OAuth provider.

Authentication should be very secure and easy to connect for other companies that want to use our data (this is a web application for elementary schools).

I believe there are many answers to this question. But, I also believe that many people have the same question;)

Can anyone explain to me how to use OAuth 2.0 or a similar authentication method?

+3

1 answer


You're right - if you want to implement OAuth 2.0 you need to be your own provider (or authorization server). As your own provider, you can also skip some parts of the process (like the confirmation screen if the user really wants to grant this application the right to do so, etc.)

If you decide to go with OAuth 2.0, there is a widely used package called oauth2-server-laravel that helps in the process.

However, you can also develop your own token authentication system. The basics are actually pretty simple:

  • Log in
  • Check credentials
  • Create a token
  • Save the token in the database


And then on each request, you check if the token is in the database (and has not expired yet).

Dead simple, right? Well... as you already know, it's too easy to be true.
Especially where safety is of the essence, you must consider every case and you must really know what you are doing. Therefore, I recommend that you use the OAuth standard. Yes, it might be a bit overkill, but I think it's worth it.

Hope I can help :)

+2
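
The four steps listed in the answer, plus the per-request check, as an added example (not part of the original answer, and not Laravel or oauth2-server-laravel code). It is a Python sketch over an in-memory SQLite database; the table layout, function names, one-hour lifetime and PBKDF2 parameters are assumptions, and only a SHA-256 digest of each token is stored so that a leaked table does not yield usable tokens.

```python
import hashlib, hmac, os, secrets, sqlite3, time

TOKEN_TTL = 3600  # assumed token lifetime in seconds

def _pw_hash(password, salt):
    # PBKDF2 from the standard library stands in for the app's password hasher.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE tokens (digest TEXT PRIMARY KEY, user_id INTEGER, expires REAL)")
    return db

def add_user(db, name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (name, salt, pw) VALUES (?, ?, ?)",
               (name, salt, _pw_hash(password, salt)))

def login(db, name, password, now=None):
    """Steps 1-4: check credentials, create a token, save it. Returns the token or None."""
    now = time.time() if now is None else now
    row = db.execute("SELECT id, salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    # Hash even for unknown users so response time does not reveal which names exist.
    salt, stored = (row[1], row[2]) if row else (b"\0" * 16, b"")
    ok = hmac.compare_digest(_pw_hash(password, salt), stored)
    if row is None or not ok:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    db.execute("INSERT INTO tokens VALUES (?, ?, ?)", (digest, row[0], now + TOKEN_TTL))
    return token  # sent to the client once; the server keeps only the digest

def authenticate(db, token, now=None):
    """Per-request check: token must be known and unexpired. Returns user id or None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    row = db.execute("SELECT user_id, expires FROM tokens WHERE digest = ?",
                     (digest,)).fetchone()
    if row is None:
        return None
    if row[1] <= now:
        # Expired tokens are removed so they can never be accepted again.
        db.execute("DELETE FROM tokens WHERE digest = ?", (digest,))
        return None
    return row[0]
```

Revocation on logout, rate limiting of login attempts and transport over HTTPS are not covered here; they are among the cases the answer means by "you must consider every case".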
