REST with OAuth2

I'm using this library with my CodeIgniter REST service. Basically, I have a REST_controller that is inherited and checks for a valid token using that library.
All I want is to provide an API to secure some of the API methods.
Now, I'm lost reading most of the specs for OAuth2 and tutorials regarding that library.
Can anyone help me by providing good tutorials, examples and explanations on how I can achieve a simple login system and then call user-authenticated methods?
Thanks in advance.

Just constructed a pictorial tutorial for the OAuth 2.0 specs. In case you may find this useful:
Tutorial: http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Also adding a web app demo demonstrating the different Authorisation Grant flows. It contains the path to the Google Code as well as some other tips.
http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html
*Your comments at that blog may be useful to me to improve the contents there.*

I did a demo using Spring MVC and Spring Security; you can find the source code here.

Related

Identity Provider Implementation with SAML V2 and Java

After successfully implementing SAML-V2 Service Provider (SP); for supporting some specific use-case, I have to implement my own SAML-2 IdP. After going through OASIS Documentation and many others about the SAML protocol, I have started implementing it.
My Use-case is just a single profile (Web Browser SSO Profile) with SP-Initiated SSO: Redirect Bindings only.
I am looking for some lean third-party library or Java-based implementation which I can refer to or use to speed up the implementation and customize on top of that.
Would love any recommendation or suggestion in this direction.
To be specific, I'm looking for any/all of the below:
Easy to use open-source library for implementing SAML-V2 Identity Provider in Java.
Detailed documentation/specification for above profile.
Any advice from experts who have past experience in implementing this kind of IdP.
There is lots of material available for SP. However, very few and complex for IdP.
Some of the Java-based implementations which I am already looking at are: KeyCloak and Lite-IdP.
"Very few and complex" is true because building a real-world identity provider is a serious project. OpenSAML as the library is your best option in Java - many enterprise-grade implementations that we know about are built with it. A good, stripped-down example of how to use OpenSAML in IdP context is https://github.com/OpenConext/Mujina .
Lite IdP is written in Go. If you're open to non-Java options, SimpleSAMLphp is excellent, it's certainly better documented than many others.
I'd post it as a comment, but I don't have enough reputation.
But here you have almost the same question, regarding Spring SAML:
using-spring-saml-as-an-idp-rather-than-an-sp
Take a look at Vladimir's answer, I think it's what you're looking for. Here is the link suggested by him.
Cheers

Implementation API for mobile APP

I am programming a Symfony2 app. The structure of my Symfony2 app is like:
Login (username / password)
Get Survey for this Login / for this User
User inputs / clicks answers. After each click an Ajax request saves the answer
User submits survey after answering every question
I have no experience with mobile apps like iOS, Android or Windows. The mobile app will be created by another team. The question is quite common, but which steps must I realize? Is there any literature that you can recommend to me?
What is the right way to create an API?
How far does Symfony2 support creating an API for these use cases?
Unfortunately I have no experience with REST, but I suspect this is necessary, right?
I look forward to each answer.
Let me state the obvious first, if you start building a project with technologies you don't know enough about, it WILL be a nightmare. So by all means take your time to learn what you need.
REST is the recommended standard to build an API since it's HTTP native and it's quite simple and flexible at the same time. There are tons of simple tutorials on REST, starting from Wikipedia, so I won't link them here.
But I'll tell you a secret, a web service can simply be any web page that replies to your requests with structured data. I.e. even a non-REST series of "webpages" that reply with JSON data can be defined as a web service.
By now you see that you can easily do that with Symfony. If you already know how to do stuff and show pages with Symfony, only add JSONResponse to the mix, and also the _format routing parameter, and you should be on a good way.
You just create a path (i.e. an action) for whatever the mobile application needs to do. Of course later on you will learn the beauty of REST and refactor your API accordingly, but first thing you build a working system.
Reading this blog post is a good start. Now if your application will only serve API responses there is the very good Symfony REST Edition which already includes all bundles and tools needed to create an API centric application with Symfony2.
You also have the Lionframe framework but I haven't tested it yet.

AngularJS official tutorial, how to add object?

I'm kinda stuck at testing Restful model without server-side.
In Google official tutorial step 11
They show real nicely how to get all the phone lists from a local json files using get method.
It is really nice and very simple, but they are lacking something very basic in this tutorial deleting/adding with delete/post methods.
I'm stuck right now because I cannot find a way to add/delete objects using Restful model without implementing server-side DB, of course not permanently just throughout the application life.
Can someone give an example that's built on AngularJS official tutorial, how to implement a simple add of a phone object?
You want to use Angular's $resource service.
Documentation here
That contains a working example similar to what I think you're asking.

Adding OAuth to a Scalatra web service

I am looking to build a Scalatra based API. One of the requirements is OAuth authentication. I noticed the guide for OAuth isn't yet put up on the official Scalatra site. Is the best way to currently add OAuth support by figuring out how to add an OAuth based strategy into Warden? I come from a Ruby on Rails based background, so new to a lot of Scala/Java conventions. There's probably several ways to tackle this but I'm hoping for any solution that's documented and can be referenced for implementation in my own application.
I am currently rewriting a Ruby/Sinatra app in Scala/Scalatra. I found the easiest way to add OAuth is to use Scribe (https://github.com/fernandezpablo85/scribe-java). There is a guide on using Scribe with Scala here:
https://github.com/earldouglas/nuevos#consuming-the-twitter-api-in-scala-with-scribe
Note that the exact implementation of the Twitter API is outdated. He made some minor updates to the code without actually updating the README (That confused me for some time.) I suggest you read the normal Java Scribe guide first, then take a look at the source code of the Scalatra example.

The best way to implement REST in CakePHP 1.3?

Does anyone know of any tutorials that explain clearly how to implement simple REST functionality with authorization?
I've seen a few plugins and also got some basic REST functionality working, but there seem to be no clear guidelines about how to build a secure REST service in Cake.
Any help appreciated.
Sounds like you need to look into OAuth which uses REST to connect to Web Services without sending usernames and passwords.
Try these tutorials for a start
http://code.42dh.com/oauth/
http://www.neilcrookes.com/2010/04/12/cakephp-oauth-extension-to-httpsocket/