PhpRootUser Posted May 2, 2014 Share Posted May 2, 2014 Hi. After looking how oauth 2.0(User Credentials) works, why i use this if i have to put the access_token variable in a cookie of a session i have to start, lol! Oauth User Credentials was supposed to do the job of session, but if i have to start a session for this it makes no sense... Forget about the 3rd part application, i am discussing the need of session creation in oauth 2.0. Also, to use Oauth, an https(secure) connection is hightly recommended. Oauth should be used for json responses only? Quote Link to comment https://forums.phpfreaks.com/topic/288170-why-oauthuser-credentials-isnt-php-session-enought/ Share on other sites More sharing options...
Zane Posted May 2, 2014 Share Posted May 2, 2014 Because that token is your key to their information, their profile, their demographics; everything you need to keep up with your incoming traffic without the hassle of storing it yourself. Storing a session is easy. Getting users to create an account on your site; not so much. User friendless is key to a successful website, otherwise it's like one of those extremely complicated adding machines from the 20's, with liquid based atticuses and hand-carved wooden levers and gears. There's is no substitute for a $_SESSION, it has one purpose in life, and that is to remain accessible until the site and browser sessions are terminated. Quote Link to comment https://forums.phpfreaks.com/topic/288170-why-oauthuser-credentials-isnt-php-session-enought/#findComment-1477898 Share on other sites More sharing options...
PhpRootUser Posted May 2, 2014 Author Share Posted May 2, 2014 ZANE SAID: "Because that token is your key to their information, their profile, their demographics; everything you need to keep up with your incoming traffic without the hassle of storing it yourself." OK, but that case is when you make 3rd part applications available in your site, not when you use only user credentials. I am asking what is the advantage of using "user credentials" instead of $_SESSION. The user credentials receive a Username and Password, then return a token in json. Then, you have to send the token back to the server to continue to be "recognized", and what is the diference of sending him a SESSION_ID? Quote Link to comment https://forums.phpfreaks.com/topic/288170-why-oauthuser-credentials-isnt-php-session-enought/#findComment-1477963 Share on other sites More sharing options...
PhpRootUser Posted May 2, 2014 Author Share Posted May 2, 2014 Check : http://bshaffer.github.io/oauth2-server-php-docs/grant-types/user-credentials/ if you need more info... Quote Link to comment https://forums.phpfreaks.com/topic/288170-why-oauthuser-credentials-isnt-php-session-enought/#findComment-1477964 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.