REST using OAuth2

[ElliotHM]

I've been doing alot of research and about 6 hours of solid browsing and now I'm admitting defeat.

I currently have the client simply submitting hashed user details to a custom php api responsible for user authentication as well as database queries.

 

I was wondering if it's plausible to setup InvisionCommunity to act as an OAuth2 server which can serve member details via REST to a Native Desktop application where users will login using OAuth2(my site) to retrieve their user details.

Has anyone managed to get this working, if so can you throw us a few pointers both the available IPS docs and what's publically available aren't cutting it.

 

Is it even worth using OAuth2 as i'm not wanting 3rd party logins? OR is there a more secure alternative method to do this?

[Mark]

Yes, using the REST API with OAuth 2 authentication is the best way to do this. 

Our documentation assumes you are familiar with the basic concepts OAuth before you begin. A good resource is OAuth 2 Simplified.

First decide how you want users to authenticate:

• By opening a webpage, logging in, and granting access (like you do for Facebook login, etc) - this is the recommended way as it's the most secure, but maybe a bit more difficult. See the "Web Server Apps" section of the OAuth 2 Simplified site.
• By entering their username/email + password. See the "Other Grant Types" section of the OAuth 2 Simplified site.

You'll create an OAuth Client in AdminCP → System → REST & OAuth → OAuth Clients.

If you're having trouble, let us know how far you've got and what you need help with.