Hi there. Just a quick question, I hope. I am using your library for the server side of our APIs, which at this time are only going to be accessed by our mobile app running on users' devices, but at some point down the road we do want to support third parties accessing our users' data, which is one reason we went the OAuth2 route.
In the meantime, we basically just have a need to have some methods accessible to "anonymous" users - like a registration call, or a login call, or some basic public data calls, and some methods only accessible to those users that are logged in (we were going to use the password grant type for this).
My question is, is there a way with this library to restrict a method based on grant type? Or the bigger question, am I going about this in the right way? Defining scopes didn't feel right for this (e.g. defining user or non-user scopes) because, like I said, at some point we do want to support "actual" scopes tied to specific resources in our system, and I figured doing user and non-user scopes would cause problems for us down the road.
So I guess my question is, do I use one of the methods in this library to check "password token vs client credentials token", or do I write my own code to inspect the token and see if there is a user id associated with it? I ask because it felt like this is something the OAuth2 server would handle because it is an authorization check, but being new to this in general, I wasn't sure. Again, if there is a better way to do this (e.g. I am using the wrong grant types for this scenario), I am all ears.
Finally, I need to compliment you on your level of documentation and support for your project. The cookbook in your documentation is why I scrapped another OAuth2 PHP library and went with yours. Your commitment and responsiveness are unprecedented in my opinion, and I'm a 19 year software developer. So, thank you!
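One way to gate calls on whether the token is bound to a user, the second option the post weighs, added here as an example and not code from the library or from the poster. The token record shape (`client_id`, `user_id`, `expires`, `scope`), the route table and `authorizeCall` are assumptions made for illustration; the user requirement is a per-route flag kept apart from scopes, so resource scopes can be introduced later.

```php
<?php
declare(strict_types=1);

// Hypothetical route table: "needs a logged-in user" is a flag, not a scope.
$routes = [
    'POST /register'   => ['requires_user' => false, 'scope' => null],
    'GET /public/data' => ['requires_user' => false, 'scope' => null],
    'GET /me/profile'  => ['requires_user' => true,  'scope' => null],
    'GET /me/orders'   => ['requires_user' => true,  'scope' => 'orders.read'],
];

/**
 * Decide whether an already-looked-up token record may call a route.
 * $token is null when the bearer token is missing or unknown.
 * Returns [HTTP status, reason]; anything not explicitly allowed is refused.
 */
function authorizeCall(array $routes, string $route, ?array $token, int $now): array
{
    $rule = $routes[$route] ?? null;
    if ($rule === null) {
        return [404, 'unknown route'];
    }
    if ($token === null || (int)($token['expires'] ?? 0) <= $now) {
        return [401, 'missing, unknown or expired token'];
    }
    // A client credentials token has no resource owner, so user_id is empty.
    $userId = $token['user_id'] ?? null;
    if ($rule['requires_user'] && ($userId === null || $userId === '')) {
        return [403, 'token is not bound to a user'];
    }
    if ($rule['scope'] !== null) {
        // Scope is a space-delimited list; an absent scope grants nothing.
        $granted = preg_split('/\s+/', (string)($token['scope'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
        if (!in_array($rule['scope'], $granted, true)) {
            return [403, 'insufficient scope'];
        }
    }
    return [200, 'ok'];
}

// Constructed sample token records: one per grant type, plus an expired one.
$now = 1700000000;
$tokens = [
    'client_credentials' => ['client_id' => 'mobile-app', 'user_id' => null, 'expires' => $now + 3600, 'scope' => null],
    'password'           => ['client_id' => 'mobile-app', 'user_id' => '42', 'expires' => $now + 3600, 'scope' => 'orders.read'],
    'password (expired)' => ['client_id' => 'mobile-app', 'user_id' => '42', 'expires' => $now - 1,    'scope' => 'orders.read'],
];
foreach ($tokens as $label => $token) {
    foreach (array_keys($routes) as $route) {
        [$status, $reason] = authorizeCall($routes, $route, $token, $now);
        printf("%-20s %-18s %d %s\n", $label, $route, $status, $reason);
    }
}
```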