-1

I am building my own application based on an external CAS service. I would like to authenticate the user using the external CAS first then allow them to use my application.

However, I am reading off the documentation on phpCAS but I am not sure how I can do it in a restful way.

What I need is some token to give to my frontend javascript, and each time the user makes a request I would check that token against CAS to make sure the user is authenticated. Is there a way to do that?

I have read about ticket and proxies but I didn't understand... sorry for my newbieness hope you don't mind.

Han_Chen
  • 195
  • 2
  • 14

1 Answers1

2

There are a few different ways to do this. One way is using Oauth2 user credentials grant:

e.g. https://bshaffer.github.io/oauth2-server-php-docs/grant-types/user-credentials/

The general flow is: 1. Your application sends a post request to CAS. This contains the username / pword credentials of the user making the request. 2. CAS validates these credentials and creates a bearer token (with the same permissions as that user). It then returns this token to your app. 3. Your app uses that bearer token in all future requests (in the authorization header).

That token has an expiry date. When it expires, your app will need to make the authorization request again to get a new token. Or use a refresh token.

Unfortunately, there is no real shortcut to understanding all this. I'd recommend researching Oauth2 user credentials grant or Oauth2 client credentials grant (use google images to see the flows for each). Then see which your CAS system works with.

Oliver McPhee
  • 1,010
  • 10
  • 18
  • I guess the key is that CAS returns a bearer token for future access. I wonder where that token comes from. I read the docs and there is **ticket id** returned, but I don't know how I should use that for future access. – Han_Chen Jun 24 '15 at 00:09