im not sure of which way to take with a REST API im currently developing using CakePHP, i haven't implemented authentication and until now that im almost done with it i'm reading about it,
but i'm not sure of what should i do, this API would be exposed so that a webpage and a mobile app can consume it, but i dont think Basic auth or Digest auth (which come as default options in CakePHP) are the option,
i only know that i need it to check username and password from the database, and grant permission according to an ACL that is already set up, i was reading something about HMAC but dont understand it completely, should i make an authentication method on my own that does something like check a token? is this article correct? : http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/
and if so, how do i implement those principles to the CakePHP auth method? is there a plugin for this auth method using HMAC?
should i use OAuth 2.0? does it make sense to use OAuth 2.0 for a username & password login? am i too lost? if im not so lost, could you please describe how to implement OAuth with username and password in cakephp?
someone, please, anyone surfing this interweb forum, HELP ME. if you could provide examples or workflows, anything, everything will be greatly appreciated.
