I want to develop an API for an existing web application that has already a large database including user table. OAuth2.0 implementation for content retrieval end points already works with scope and everything I need.
Unfortunatelly I could not grasp so far how to implement login though. The API Endpoint works, but now I want to implement OAuth2 here as well. As far as I can see the example of the library I am using, it offers its own user table. https://bshaffer.github.io/oauth2-server-php-docs/grant-types/user-credentials/
My code so far looks like this:
$app->put('/login', function() use ($app) {
global $feedback, $sess_id, $server, $response;
$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();
$scopeRequired = 'UserAccess';
if (!$server->verifyResourceRequest($request, $response, $scopeRequired)) {
// if the scope required is different from what the token allows, this will send a "401 insufficient_scope" error
$response->send();
die;
}
// check for required params
verifyRequiredParams(array('un', 'pw', 'cc'));
// reading post params
$user_name = $app->request()->put('un');
$password = $app->request()->put('pw');
$area_provided['cc']= $app->request()->put('cc');
$response = array();
user_login($user_name,$password, true, $area_provided);
$userdata = get_userdata_2();
if (isset($feedback) AND $feedback == 'ok'){
$response["error"] = false;
// $response['user_name'] = $userdata['user_name'];
// $response['email'] = $userdata['email'];
// $response['apiKey'] = $userdata['api_key'];
$response['sess_id'] = $sess_id;
}elseif ($feedback == 'max_login_tries'){ // client login
$response['error'] = true;
$response['message'] = "Maximale Anzahl von Versuchen ereicht";
}
elseif($feedback == 'nopass'){
$response['error'] = true;
$response['message'] = "Bitte geben Sie ihr Passwort an";
}
elseif($feedback == 'user_unknown'){
$response['error'] = true;
$response['message'] = "Dieser Benutzername ist uns nicht bekannt";
}
elseif($feedback == 'wrong_password'){
$response['error'] = true;
$response['message'] = "Das Passwort ist falsch";
}
elseif($feedback == 'deactivated'){
$response['error'] = true;
$response['message'] = "Ihr Benutzerkonto wurde deaktiviert";
}
elseif($feedback == 'wrong_country'){
$response['error'] = true;
$response['message'] = "Ihr Benutzerkonto gilt für ein anderes Land";
}
else{ // other
$response['error'] = true;
$response['message'] = "Unbekannter Fehler";
}
echoRespnse(200, $response);
});
How could I
- Use my existing user table with this concept?
- Check the illustrated validation and then return the access code
Thank you for any help on this!