Closed ramiromd closed 7 years ago
First: I think you should start with this.

About scopes, you can read this.

Basically, you have to define the required scope in the resource controller (the API endpoint). Available scopes can come from the database or another place (see the second link).

> Second, I need to create two records in the oauth_clients table (one for the admin site, another for the public site).

Yes.

> Third, what is the purpose of the oauth_users table?

I think that's a "starter kit" table, but if you implement your own user handling (another SQL table or external auth such as LDAP) then you can skip it.

> Fourth, is the oauth_clients.users_id column a reference to the oauth_users.id column?

If you use that table, then yes.
I want to protect an API using the OAuth2 protocol. After searching Google for implementations of the protocol written in PHP, I found this library. After reading the docs, I have some questions. Note that I am a newbie with this concept. I want to use the Client Credentials flow to authenticate some web frontends with my REST API.

So, I have 3 projects:

1) Products API, with the following endpoints:
   - [POST] /products (create a product)
   - [GET] /products (search products)
   - [GET] /products/{slug} (read a product)
2) Admin site, to create products using the API.
3) Public site, to search and read products using the API.

First, I should define the scopes in the oauth_scopes table. Right? For example:

1) products_create
2) products_search
3) products_read

Second, I need to create two records in the oauth_clients table (one for the admin site, another for the public site). Right? For example:

Third, what is the purpose of the oauth_users table?

Fourth, is the oauth_clients.users_id column a reference to the oauth_users.id column?
Thanks !
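
The scope setup discussed in this thread, as an added example that is not from the thread or from the library: each endpoint declares its required scope, and each client can only be granted the scopes recorded for it. The client ids, the `CLIENT_SCOPES` and `ROUTE_SCOPES` maps and both function names are assumptions made for illustration; in a real deployment the client data would come from the database and the token from the OAuth2 server.

```php
<?php
declare(strict_types=1);

// Constructed sample data: scopes each client may be granted (assumed to
// mirror what is stored with each client record in the database).
const CLIENT_SCOPES = [
    'admin-site'  => ['products_create', 'products_search', 'products_read'],
    'public-site' => ['products_search', 'products_read'],
];

// Scope required by each endpoint, declared alongside the resource controller.
const ROUTE_SCOPES = [
    'POST /products'       => 'products_create',
    'GET /products'        => 'products_search',
    'GET /products/{slug}' => 'products_read',
];

// Token endpoint side: grant only scopes that were requested AND are allowed
// for this client, so a client cannot widen its own access by asking for more.
function grantScopes(string $clientId, string $requested): array
{
    $allowed = CLIENT_SCOPES[$clientId] ?? [];
    $asked = preg_split('/\s+/', trim($requested), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_intersect($asked, $allowed));
}

// Resource side: HTTP status for a request whose token carries $tokenScopes
// (null stands for a missing or invalid token).
function authorize(string $route, ?array $tokenScopes): int
{
    if ($tokenScopes === null) {
        return 401; // no valid access token presented
    }
    $required = ROUTE_SCOPES[$route] ?? null;
    if ($required === null) {
        return 403; // route without a declared scope: deny by default
    }
    return in_array($required, $tokenScopes, true) ? 200 : 403; // 403 = insufficient scope
}

// The public site asks for products_create but is not allowed to hold it.
$publicToken = grantScopes('public-site', 'products_create products_read');
$adminToken  = grantScopes('admin-site', 'products_create');
$cases = [['POST /products', $publicToken], ['GET /products/{slug}', $publicToken],
          ['POST /products', $adminToken], ['GET /products', null]];
foreach ($cases as [$route, $scopes]) {
    printf("%-21s scopes=[%s] -> %d\n", $route, implode(',', $scopes ?? []), authorize($route, $scopes));
}
```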