laravel - Sentry versus OAuth2 server -

-

i used oauth2 code api server githhub: https://github.com/lucadegasperi/oauth2-server-laravel

instead using standard laravel auth, want use sentry, because sentry have lot of features sending mail, ban, approve registration, ...

i created connection client (laravel guzzle plugin) on api server, cannot keep sentry session. ok, or not? how can know permission, groups or whatever of user on api server. each call api send access_token, enough oauth2. not have idea how keep sentry session, example:

i logged in moderator permission user, , send new request api getting moderator information, not know moderator or administrator or what, because not have sentry session.

maybe oauth:scope1,scope2 enough, , maybe not need sentry, not have sentry features (look on beginning of post).

i believe problem trivial, not know how resolve issue. not have idea :(

your issue understanding of oauth2 flawed. oauth2 authentication not authorization.

generally oauth2 have 3 servers:

  1. the authentication server (am am?)
  2. the authorization server (what can do?)
  3. the resource server (your api)

now servers 2 , 3 can (and are) same thing in case it's model query.

what happens user first talks authentication server , says, i user.
if authentication server believes them issued token use in requests resource server (there couple more steps in between question seems imply understand those).

when request made resource server access token resource server asks authentication server "who person?" validate token.

(at point have received linked id token authentication server rest of application know user as).

the resource server asks authorization server "what can person do" or "can person action x?"

the resource server receives grant or deny response authorization server , either serves response, or throws access denied response.

hopefully should on track difference between sentry , oauth2.


Comments

Post a Comment

Popular posts from this blog

PHPMotion implementation - URL based videos (Hosted on separate location) -

-
i have implement video collection website users of specific isp. site hosted on public web-server movies hosted on local isp server. user of isp + general visitors can see available movies; isp's users able play them. player on site point url of local machine ( http://192.x.x.x/movies/mymovie.mov ) private class (192.x.x.x) accessible isp user. question: possible phpmotion script? or need custom work. if possible, can please suggest available mods? phpmotion require modifications able handle this. uploading, conversion, thumbnail generation, , playback pretty static in phpmotion. really though, rather modding entire upload , conversion process, if created quick custom form add entries phpmotion database (maybe include thumbnail upload), tweaked playback paths, should go on phpmotion side of things. assume had videos in format player handle (such flv or mp4).
Read more

javascript - Using Windows Media Player as video fallback for video tag -

-
getting video play cross platform using example video.js bit of fuss. in days when video should embedded use embed windows media player, work out of box on windows. since it's today old ie on windows doesn't support video tag experimented using windows media player fallback, , work well. what wonder here is, why haven't else solution? have missed something? code small, there's no flash files, cross domain issues or need of server working. works. so before develop further , add custom control , subtitles support wonder say. the code looks this: <video id="myvideo" style="width:640px; height: 360px;" autoplay data-wimpsource="http://esd.volvocars.com/dc/cdn/video/birds-on-a-wire.mp4"> <source src="http://esd.volvocars.com/dc/cdn/video/birds-on-a-wire.mp4" type="video/mp4" /> <source src="http://esd.volvocars.com/dc/cdn/video/birds-on-a-wire.webm" type="video/webm" />
Read more

c# - Unity IoC Lifetime per HttpRequest for UserStore -

-
i'm trying clean default implementation of accountcontroller.cs comes out of box in new mvc5/owin security implementation. have modified constructor this: private usermanager<applicationuser> usermanager; public accountcontroller(usermanager<applicationuser> usermanager) { this.usermanager = usermanager; } also, have created lifetime manager unity looks this: public class httpcontextlifetimemanager<t> : lifetimemanager, idisposable { private httpcontextbase _context = null; public httpcontextlifetimemanager() { _context = new httpcontextwrapper(httpcontext.current); } public httpcontextlifetimemanager(httpcontextbase context) { if (context == null) throw new argumentnullexception("context"); _context = context; } public void dispose() { this.removevalue(); } public override object get
Read more