Stefano D. Mtangoo edited this page Sep 14, 2015 · 10 revisions

ABOUT THIS MODULE

This Yii2 module lets you use OAuth2 inside your projects trivially. You can configure an OAuth2 server to add security and protection to your API with any of the access grants defined by the OAuth2 standard, or with token refresh requests.

The module supports the following grants:

  • Authorization code grant.
  • Implicit grant.
  • User Credentials grant.
  • Client Credentials grant.
  • Refresh Token grant.
  • Bearer Tokens.

It also supports the following token types, which are not yet standardized:

  • JWT

OAUTH2 101

If you are new to OAuth2, it's good to get familiar with the standard itself. There are many places you can learn (see the end of this page). Here is a quick introduction.

According to IETF, OAuth2 is:

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol.

Simply put, OAuth2 is a layer of protection on your resource. Let's assume you are providing a REST API, like the guys at ESV Bible do, and you want only members to access it, or just a few people to access a few verses and others to have full access to the whole Bible. You will need an OAuth2 layer to put such limits in place and secure your data against any unauthorized access.

OAuth2 decouples the authorization chores from the main resource server, and the authorization service can be hosted on a different server altogether. For example, you can use Facebook's OAuth2 service and protect your resources entirely based on their service. But for all practical purposes, you need to have your own dedicated server for that!

Useful Links

  1. IETF Specs
  2. SO - Do I Need OAuth2
  3. OAuth2 Simplified
  4. OAuth2
  5. OAuth2 Implicit Grant
