Introduction - Patroklo/yii2-oauth2-server GitHub Wiki

ABOUT THIS MODULE

This Yii2 module lets you add OAuth2 to your projects with little effort. You can configure an OAuth2 authorization server that protects your API using any of the access grants defined in the OAuth2 standard (RFC 6749), including renewing an expired access token through the refresh token grant.

The module supports the following grants:

  • Authorization code grant.
  • Implicit grant (defined by RFC 6749, but the OAuth 2.0 Security Best Current Practice now advises against it because the access token travels in the browser redirect; prefer the authorization code grant for new clients).
  • User credentials grant (the resource owner password credentials grant of RFC 6749).
  • Client credentials grant.
  • Refresh token grant.

Access tokens are presented to the API as bearer tokens (RFC 6750). The module also supports an access token format that RFC 6749 itself does not define:

  • JWT

OAUTH2 101

If you are new to OAuth2, it is worth getting familiar with the standard itself; there are many places to learn it (see the links at the end of this page). Here is a quick introduction.

According to the IETF (RFC 6749), OAuth2 is:

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol.

Simply put, OAuth2 is a layer of protection in front of your resources. Suppose you provide a REST API, as the ESV Bible API does, and you want members-only access, or you want a few people to be able to read only a handful of verses while others get the whole Bible. An OAuth2 layer lets you express such limits as scopes attached to access tokens and keeps your data out of reach of unauthorized access. Keep in mind that OAuth2 is an authorization framework: it lets a client act on a user's behalf within the granted scope, but it does not by itself tell your API who that user is (authentication on top of OAuth2 is what OpenID Connect adds).

OAuth2 decouples the authorization chores from the resource server that holds your data, so the authorization server can be hosted on a different machine altogether. You could even use a third-party OAuth2 service such as Facebook's for the user approval step, but the tokens Facebook issues are meant for Facebook's API, not yours, so your resource server would still have to validate them against Facebook and map them onto its own permissions. For all practical purposes, to protect your own API with your own clients and scopes you need a dedicated authorization server, which is what this module provides.
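As an added illustration (not code from this wiki or from the yii2-oauth2-server module), the following Python script models the two roles described above: an authorization server that handles the authorization code and refresh token grants and issues bearer tokens, and a separate resource server that only asks the authorization server whether a token is live and what scope it carries before serving verses. The client name, secret, redirect URI, paths, scope names and verses are invented for the example.

```python
# Added example (not the wiki's or yii2-oauth2-server's code): a toy authorization server and a
# separate resource server; client data, paths, scope names and verses are made up.
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL = 60      # authorization codes: short-lived and single-use
ACCESS_TTL = 3600  # bearer access tokens expire; refresh tokens outlive them


class AuthorizationServer:  # issues codes and tokens; knows nothing about the protected data
    def __init__(self):
        self.clients = {}         # client_id -> {"secret", "redirect_uri"}, filled at registration
        self.codes = {}           # code -> {"client_id", "user", "scope", "redirect_uri", "expires"}
        self.access_tokens = {}   # token -> {"user", "scope", "expires"}
        self.refresh_tokens = {}  # token -> {"client_id", "user", "scope"}

    def authorize(self, client_id, redirect_uri, scope, state, user):  # called once the user consented
        # exact match on the registered redirect_uri, or the code leaks to an attacker's URL
        if self.clients.get(client_id, {}).get("redirect_uri") != redirect_uri:
            raise PermissionError("invalid_request")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "user": user, "scope": scope,
                            "redirect_uri": redirect_uri, "expires": time.time() + CODE_TTL}
        # state is echoed back unchanged so the client can detect CSRF on its callback
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def _issue(self, client_id, user, scope):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[access] = {"user": user, "scope": scope, "expires": time.time() + ACCESS_TTL}
        self.refresh_tokens[refresh] = {"client_id": client_id, "user": user, "scope": scope}
        return {"access_token": access, "token_type": "Bearer", "expires_in": ACCESS_TTL,
                "refresh_token": refresh, "scope": scope}

    def token(self, grant_type, client_id, client_secret, **p):  # authorization_code / refresh_token
        secret = self.clients.get(client_id, {}).get("secret", "")
        # constant-time comparison so client authentication does not leak timing
        if not secret or not hmac.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        if grant_type == "authorization_code":
            c = self.codes.pop(p.get("code"), None)  # pop: a code is usable exactly once
            if (c is None or c["client_id"] != client_id or c["expires"] < time.time()
                    or c["redirect_uri"] != p.get("redirect_uri")):
                raise PermissionError("invalid_grant")
            return self._issue(client_id, c["user"], c["scope"])
        if grant_type == "refresh_token":
            r = self.refresh_tokens.pop(p.get("refresh_token"), None)  # rotate on every use
            if r is None or r["client_id"] != client_id:
                raise PermissionError("invalid_grant")
            return self._issue(client_id, r["user"], r["scope"])
        raise PermissionError("unsupported_grant_type")

    def introspect(self, token):  # what the resource server asks: live token, for whom, which scope?
        t = self.access_tokens.get(token)
        return None if t is None or t["expires"] < time.time() else t


class ResourceServer:  # holds the data; trusts only the authorization server for token checks
    VERSES = {"John 3:16": "For God so loved the world...", "Genesis 1:1": "In the beginning..."}

    def __init__(self, auth_server):
        self.auth = auth_server

    def get(self, path, authorization_header):  # returns (HTTP status, body); 401/403 as in RFC 6750
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth.introspect(token) if scheme == "Bearer" else None
        if info is None:
            return 401, {"error": "invalid_token"}
        needed = "bible:read" if path == "/bible" else "verse:read"
        if needed not in info["scope"].split():  # a narrow scope gets single verses, not the whole book
            return 403, {"error": "insufficient_scope", "scope": needed}
        if path == "/bible":
            return 200, dict(self.VERSES)
        ref = path[len("/verse/"):]
        return (200, {ref: self.VERSES[ref]}) if ref in self.VERSES else (404, {"error": "not_found"})


def demo():  # walks one client through the whole flow and returns what was observed
    auth = AuthorizationServer()
    auth.clients["verse-app"] = {"secret": "s3cret", "redirect_uri": "https://app.example/cb"}
    api, state = ResourceServer(auth), secrets.token_urlsafe(8)
    # 1. front channel: user "alice" approves scope verse:read; the client gets code + state back
    loc = auth.authorize("verse-app", "https://app.example/cb", "verse:read", state, "alice")
    q = parse_qs(urlparse(loc).query)
    out = {"state_ok": q["state"][0] == state}
    # 2. back channel: the client authenticates with its secret and swaps the code for tokens
    code_req = dict(code=q["code"][0], redirect_uri="https://app.example/cb")
    tok = auth.token("authorization_code", "verse-app", "s3cret", **code_req)
    hdr = "Bearer " + tok["access_token"]
    # 3. the resource server enforces scope: one verse is allowed, the whole Bible is not
    out["verse"], out["bible"] = api.get("/verse/John 3:16", hdr)[0], api.get("/bible", hdr)[0]
    try:  # 4. the same code cannot be exchanged twice
        auth.token("authorization_code", "verse-app", "s3cret", **code_req)
        out["replay"] = "accepted"
    except PermissionError as e:
        out["replay"] = str(e)
    # 5. the refresh token grant yields a new bearer token and retires the used refresh token
    new = auth.token("refresh_token", "verse-app", "s3cret", refresh_token=tok["refresh_token"])
    out["refreshed"] = api.get("/verse/Genesis 1:1", "Bearer " + new["access_token"])[0]
    out["old_refresh_reusable"] = tok["refresh_token"] in auth.refresh_tokens
    return out
```

Running demo() shows the flow end to end: the state value comes back unchanged, a verse:read token reads a single verse but gets 403 insufficient_scope for the whole Bible, a used authorization code is rejected the second time, and the refresh token grant issues a fresh bearer token while retiring the refresh token that was just used. The module wires the same roles to real HTTP endpoints, persistent storage and client registration; this script only makes the roles and their checks concrete.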

Useful Links

  1. IETF specification (RFC 6749)
  2. Stack Overflow: Do I need OAuth2?
  3. OAuth2 Simplified
  4. OAuth2
  5. OAuth2 Implicit Grant