API-Skeletons / zf-oauth2-doctrine

OAuth2 Doctrine Adapter for Apigility

Add logging to user authentications #54

Closed jackdpeterson closed 8 years ago

jackdpeterson commented 8 years ago

Hello, and thanks again for continuing to maintain this nice module!

I'm looking at adding in logging about authentication events. Do you have a suggested way to hook into this functionality?

Example scenarios:

  1. User logs in for the first time (gets an access token / refresh token for the first time).
  2. User requests a refresh of their access token.
  3. User fails to authenticate (e.g., be able to add in detection of DDoS or brute-force attempts).

It seems like hooking into the existing Apigility authentication events isn't quite the right approach because those would fire on every request -- unless I'm misunderstanding something.

For both I plan on pushing in a simple syslog which would then be handled outside of the scope of the application.

syslog(LOG_INFO, 'user_auth event. userId: ' . $user->getId());

Additional data may be captured as well such as source IP and so forth; however, the above is just a contrived example.

Thanks in advance :-)

TomHAnderson commented 8 years ago

This library is just an adapter for https://github.com/bshaffer/oauth2-server-php

If you want to log events, you would hook them into event management for that library. However, I don't think https://github.com/bshaffer/oauth2-server-php has event triggers currently.
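
The three scenarios from the question can be told apart from the token endpoint's request fields and response alone (RFC 6749 sections 5.1 and 5.2), which is useful given that the reply above expects no event triggers in the underlying library. The following is an added example, not code from this thread, zf-oauth2-doctrine or oauth2-server-php; it classifies each token exchange and neutralises attacker-controlled fields before they reach syslog. The function names, log format and sample values are assumptions.

```php
<?php
// Added example; sanitizeLogField(), classifyTokenEvent() and logTokenEvent()
// are hypothetical helpers. Inputs: the token request's form fields, the token
// response's HTTP status and decoded JSON body, and the client address.

function sanitizeLogField(string $value, int $maxLen = 64): string
{
    // Request fields are attacker-controlled. Allow-list characters so a value
    // cannot inject newlines or extra key=value pairs, and bound its length.
    $clean = preg_replace('/[^A-Za-z0-9@._:+-]/', '?', substr($value, 0, $maxLen));
    return ($clean === null || $clean === '') ? '-' : $clean;
}

function classifyTokenEvent(array $requestFields, int $status, array $body): array
{
    $grant = $requestFields['grant_type'] ?? 'unknown';
    if ($status === 200 && isset($body['access_token'])) {
        // Scenario 2 (refresh) versus scenario 1 (a new token pair was issued).
        $event = $grant === 'refresh_token' ? 'token_refresh' : 'token_issued';
        return ['event' => $event, 'priority' => LOG_INFO, 'grant' => $grant];
    }
    // Scenario 3: RFC 6749 error responses carry an "error" code.
    return ['event' => 'auth_failure', 'priority' => LOG_WARNING, 'grant' => $grant, 'error' => $body['error'] ?? 'unknown'];
}

function logTokenEvent(array $requestFields, int $status, array $body, string $ip): string
{
    $e = classifyTokenEvent($requestFields, $status, $body);
    $line = sprintf(
        'user_auth event=%s grant=%s client_id=%s username=%s error=%s src=%s',
        $e['event'],
        sanitizeLogField($e['grant']),
        sanitizeLogField($requestFields['client_id'] ?? '-'),
        sanitizeLogField($requestFields['username'] ?? '-'),
        sanitizeLogField($e['error'] ?? '-'),
        sanitizeLogField($ip)
    );
    syslog($e['priority'], $line); // never log password, client_secret or token values
    return $line;
}

// Constructed sample: a failed password grant whose username tries to forge a log entry.
echo logTokenEvent(
    ['grant_type' => 'password', 'client_id' => 'webapp', 'username' => "bob\nuser_auth event=token_issued"],
    400, ['error' => 'invalid_grant'], '203.0.113.7'
), PHP_EOL;
```

Counting `auth_failure` lines per `src` or `username` in the syslog pipeline gives the brute-force signal from scenario 3 without adding state to the application.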