There is a widely held misconception that OAuth2 is the 'right way' to be doing mobile app security. I'm not saying that OAuth2 is not a great way to achieve this, but it is not 'right' for every situation.
If your security requirements are fairly basic, then OAuth2 is overkill. If you can confidently say that having your data compromised would not lead to anything more than mild embarrassment, then stick with HTTP Basic or similar, which are easier to implement.
If you're interested in knowing who is using your API, then using an API key for authentication may be just what you need.
However, if you do have stricter security needs then OAuth2 may very well be the right tool for the job.
If you have spent even a small amount of time looking into OAuth2 then you will likely have encountered all manner of fun terminology (Client Credentials, Resource Owners, Grant Types), and may even have spent a little time with RFC 6749.
Ultimately, OAuth in a Symfony2 application is made much easier thanks to the FOS OAuth Server Bundle. Throughout this tutorial series you will learn how to set up and use FOS OAuth Server Bundle combined with FOS User Bundle and FOS REST Bundle.
| # | Title | Duration |
|---|-------|----------|
| 1 | Installing FOS User Bundle - That is not a typo! | 07:52 |
| 2 | 4 Key OAuth2 Terms You Need To Know | 06:46 |
| 3 | Creating and Using Our First OAuth2 Client | 05:41 |
| 4 | How Our OAuth2 Tokens Are Created | 06:58 |
| 5 | Client Credentials and Password Grant Types | 07:43 |
| 6 | Authorization Code Grant Type | 04:17 |
| 8 | Scope and FOSOAuthServerBundle | 08:12 |