
I am currently running two Kohana 3.2 applications:

  1. Web server
  2. REST API server (handles web authentication and all database models)

We are using the password grant type / 2-legged OAuth2 for authentication. When someone performs a login on the web server, an API authentication request is sent to the API server; based on the response, Auth::instance is set on the web server. Everything works fine up to this point.

We have an automatic CRUD controller on the API server, but I want to make this available only to an "admin" account after logging in on the web server. I am trying to find a way to pass authentication from Auth::instance()->logged_in() on the web server back to the API server, so that the CRUD controller is only available if you have been logged in on the web server.

Any creative advice on how to achieve this? The major challenge is that the API server is running OAuth2 and Auth (ORM driver), but the web server is running a custom Auth driver based on a successful consumer API login.

Here is the flow:

  • User visits web server
  • User logs in
  • Web server sends an OAuth2 authentication request to the API server
  • API server accesses the client database, validates the request, and returns an access_token
  • Web server sets Auth::instance()->logged_in() if the access_token is present
  • CRUD link is displayed based on admin role
  • CRUD link is a controller on the API server
  • [need to validate the user was authenticated here]
  • CRUD controller is displayed (cross-url link, not HMVC included controller)

Any help will be greatly appreciated.


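The step marked "[need to validate the user was authenticated here]" is the security-relevant one: the API server should not trust any "logged in" flag forwarded by the web server, because anything the web server can send, a client impersonating it can send too. What the API server can verify is the access_token it issued itself at login, so the CRUD controller should require that token on each request and look up the role in its own database. The following is an added example, not code from the original post or from Kohana; it assumes PHP 5.4+ with PDO, an access_tokens table storing a SHA-256 hash of each token together with its user_id and expiry, and a users table with a role column (all names invented for illustration). The Kohana wiring in the comment is sketched from memory of the 3.2 API and should be checked against your installation.

```php
<?php
// Added example, not code from the original post. Assumptions: PHP 5.4+ with
// PDO; an access_tokens table (token_hash, user_id, expires_at) and a users
// table (id, role) on the API server. Names are invented for illustration.

// Extract the token from an "Authorization: Bearer <token>" header (RFC 6750).
// Returns null when the header is missing or malformed.
function bearer_token_from_header($header)
{
    if (!is_string($header)) {
        return null;
    }
    if (preg_match('/^\s*Bearer\s+([A-Za-z0-9\-._~+\/]+=*)\s*$/i', $header, $m)) {
        return $m[1];
    }
    return null;
}

// The table stores SHA-256(token), so a leaked DB dump yields no usable
// tokens, and the lookup itself needs no string comparison in PHP.
function token_hash($token)
{
    return hash('sha256', $token);
}

// Resolve a presented token to its owning user row, or null when the token is
// unknown or expired. $now is injectable so expiry can be exercised offline.
function user_for_token(PDO $db, $token, $now = null)
{
    $now = ($now === null) ? time() : $now;
    $stmt = $db->prepare(
        'SELECT u.id, u.role, t.expires_at
           FROM access_tokens t JOIN users u ON u.id = t.user_id
          WHERE t.token_hash = :h'
    );
    $stmt->execute(array(':h' => token_hash($token)));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] <= $now) {
        return null;
    }
    return $row;
}

// Decision for the CRUD controller: the token must be valid AND its owner must
// hold the admin role. 401 = no/invalid token, 403 = valid token, not admin.
// The role comes from the API server's own users table, never from the web server.
function crud_access_status(PDO $db, $authorization_header, $now = null)
{
    $token = bearer_token_from_header($authorization_header);
    if ($token === null) {
        return 401;
    }
    $user = user_for_token($db, $token, $now);
    if ($user === null) {
        return 401;
    }
    return ($user['role'] === 'admin') ? 200 : 403;
}

// Kohana 3.2 wiring (assumed controller name and PDO handle $pdo;
// Request::headers() and HTTP_Exception_401/403 as I recall them from 3.2):
//
//   class Controller_Crud extends Controller {
//       public function before() {
//           parent::before();
//           $status = crud_access_status($pdo, $this->request->headers('authorization'));
//           if ($status === 401) throw new HTTP_Exception_401('Invalid access token');
//           if ($status === 403) throw new HTTP_Exception_403('Admin role required');
//       }
//   }

// Stand-alone run with constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, role TEXT)');
$db->exec('CREATE TABLE access_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'admin')");
$db->exec("INSERT INTO users VALUES (2, 'user')");
$now = 1700000000; // constructed clock value so the expired case is reproducible
$insert = $db->prepare('INSERT INTO access_tokens VALUES (:h, :u, :e)');
$insert->execute(array(':h' => token_hash('adm-token'),  ':u' => 1, ':e' => $now + 3600));
$insert->execute(array(':h' => token_hash('user-token'), ':u' => 2, ':e' => $now + 3600));
$insert->execute(array(':h' => token_hash('old-token'),  ':u' => 1, ':e' => $now - 1));

foreach (array(
    'admin, valid'  => 'Bearer adm-token',
    'non-admin'     => 'Bearer user-token',
    'expired admin' => 'Bearer old-token',
    'no header'     => null,
    'wrong scheme'  => 'Basic YWRtaW46cHc=',
) as $label => $header) {
    printf("%-14s -> %d\n", $label, crud_access_status($db, $header, $now));
}
```

One caveat that follows from the flow above: a plain cross-URL link does not make the browser send an Authorization header, so the token has to reach the API server some other way. The usual options are for the web server to proxy the CRUD request server-side and add the Bearer header itself, for the page to call the API with XMLHttpRequest and set the header, or for the API server to set its own session cookie on its own domain when it issues the token. Putting the access_token in the link's query string is the option to avoid, since it then leaks through the Referer header, browser history and access logs.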