I’ve successfully implemented my FOS OAuth Server bundle from the official repo to build an API with Rest bundle and OAuth. I’ve also followed this excellent documentation to implement it with my application:
- https://www.adcisolutions.com/knowledge/getting-started-rest-api-symfony-4
- https://medium.com/@cleverti/how-to-set-a-symfony-based-rest-api-with-oauth-bf5f867793c9
Now I understand how to:
- Retrieve my public and secret key calling create_client:
- Retrieve my token, passing in the POST body my credentials and public/secret key:
- Access protected information:
While I understand the flow I need to do to retrieve the information, it all sounds way too complicated for a user to do. When using an API, all I do is provide my public/secret key. I don’t recall ever doing anything similar in any API I’ve been using.
This is the first time I’m building my own API and I’m trying to understand what the flow is that should simplify all this.
1 - When a user registers for the API I create a set of keys for him calling create_client
2 - When he calls a route to access data (say api/v1/btc) maybe I should have an event listener like suggested here to provide a token? How does that work? I don’t understand how I’ll tell the user to use an authorization token in every request. Does he need to do that? I’m happy to call /oauth/v2/token for him and do the request myself but I’m not sure this is the way to do it.
3 - Or does the user have to do anything special on his end like calling /oauth/v2/token to retrieve a token manually and then put it in the header? This seems way too cumbersome.
Any help would be much appreciated. They don’t explain what the process should look like in any of the docs online and I guess they assume we already know how to work with OAuth2.