search

adamlundrigan / LdcZfcUserOAuth2

An extension for zf-oauth2 allowing use of ZfcUser as authentication source
BSD 3-Clause "New" or "Revised" License
11 stars 9 forks source link

Using both ZfcUser Authentication adapter and LdcZfcUserOAuth2 #2

Open pdrosos opened 9 years ago

pdrosos commented 9 years ago

Hello,

We have a large existing project, which uses the ZfcUser module and authentication. Now we must develop a REST API for mobile application and would like to use Apigility with OAuth2 authentication, but still reusing the existing project's code and users.

We are considering to add the REST API in its own module in the existing project to be able to reuse its modules and services. That's why I would like to ask is it possible to use the ZfcUser authentication adapter and LdcZfcUserOAuth2 in the same project?

I see in the LdcZfcUserOAuth2 Readme that we need to override the authentication adapter used by ZfcUser in order to use this one. But can we have them both together and they work with different priorities? Or even allow the LdcZfcUserOAuth2 only for our API module and leave the ZfcUser adapter for all other modules?

Any advice and suggestion how can we do this and connect our API with our existing code will be much appreciated!

Thank you in advance.

adamlundrigan commented 9 years ago

Though I haven't tried it myself, I suspect you could use either of those approaches. The main issue with ZfcUser's built-in authentication adapter is that it assumes you're using a session to store state, which isn't the case for zf-oauth2. Of the two approaches you mention my choice would be to only enable this module's authentication adapter during OAuth2 authentication requests and leave the ZfcUser default auth adapter in place for "normal" logins.

gargatok commented 8 years ago

Adam, maybe I'm totally missing the point here, if you could clarify a bit would help me a lot. I just want a standard website, where my users can authenticate with ZfcUser (maybe using ZfcRbac for ACLs), and I would like to use Apigility with AmgularJS. Now as far as I understood things, to authenticate I should store everything in a session, but for apigility API to work out, I need an Oauth2 token. Above all this I use Doctrine. And I don't see how all these things should work out together, or which direction I should be moving to. Can you give me some hints, buzzwords, in which direction I should search? Can you tell me in which usecase I should use your module? zf-oauth2-doctrine also exists nowadays, which also interferes with your doctrine extension right?

Thanks a lot Gergely