Comments (4)
I think this thread can be closed. Apigility is not what I'm looking for, it'll be better to have more granular control over what's going on behind the stage, Laravel will do the job very well. Thanks!
Originally posted by @manuelro at zfcampus/zf-apigility#159 (comment)
from api-tools.
A User has Clients. The Client table has a reference to User.
This allows one User to have multiple Clients; one per application which implements your API. This diagram may help but it uses a disconnected User so the relationships to User are not mapped.
Originally posted by @TomHAnderson at zfcampus/zf-apigility#159 (comment)
from api-tools.
I think I haven't got this straight. Users can be a simple service under my API. How do I connect the users with the clients? Is it done manually? Do Apigility has a faster way for doing this?
Originally posted by @manuelro at zfcampus/zf-apigility#159 (comment)
from api-tools.
You want specific users to have access to a specific client. That's not what OAuth2 does. You will need to authenticate your users against a list of permissioned clients in order to issue an access token.
Look at it this way: At Facebook if I create a client for my app how do I filter the people that can use my app? I believe the correct answer is: "I don't". The Client entity is owned by a user and there is no other security about who can use a client as long as the authorization code handshake can be performed.
A user is connected to a Client through an Authorization Code, Access Token, or Refresh Token. The user USING the app is linked from one or all of these Tokens. So given a Client A owned by user 1 where users 2 and 3 are authenticated using the Client A credentials user 1 is the client owner and users 2 and 3 are authorized for Client A.
Originally posted by @TomHAnderson at zfcampus/zf-apigility#159 (comment)
from api-tools.
Related Issues (20)
- Global Apigility API URL prefix HOT 10
- Some suggestion on DELETE Method HOT 1
- Input Filter Behavior Option/Toggle HOT 4
- Db Connected Rest service empty response on http 200. HOT 11
- DB-Connected REST service should create fields automatically from DB schema HOT 3
- Enforcing scopes when accessing a resource HOT 2
- Pass $data in fetchAll() to the TableGatewayPaginator HOT 5
- Error when when rendering collections is disabled HOT 1
- Ability to support database/schema prefixed tables HOT 1
- Unable to add IsInstanceOfValidator in Admin UI HOT 1
- LAB API-REST : laminas-api-tools/statuslib-example : Installation failed, reverting ./composer.json to its original content HOT 6
- How do I create unit testing on laminas-api-tools ? HOT 2
- Psalm integration
- PHP 8.0 support
- php public/index.php returns base path error HOT 1
- Unable to edit previous created RPC services HOT 1
- Module(StatusLib) couldn't be initialized
- Switch to GHA CI workflow
- AbstractTableGateway defaults to use ArraySerializable which is deprecated
- PHP 8.1 support HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from api-tools.