Implementing Facebook grant type to our OAuth server

We had created our own password grant type, in which the user sent his username and password over the wire to be validated on our server and then received an access token. This works, but we would like to stop users from sending their username and password over the wire. To achieve that, in this tutorial we will create a new grant type, the Facebook grant type, where the user sends our server an access token that he obtained from Facebook's OAuth server. We will validate that access token and then issue him an access token of our own, which he can use to access resources on our server. As you can see, at no point in this process does the user need to send his username and password to our server.

Laravel 5 middleware to authenticate OAuth access token before controller

OAuth gives users an access token, which the user presents to let the server know that he is a valid, authenticated user. After this authentication, he is allowed to view data from the REST API. We are going to do the same in this tutorial. I have a REST URL with some data that a user with a valid access token should be able to view. If the user doesn't have an access token, or the token has expired, I will throw an appropriate error message.