Let's first understand the difference between authentication and authorization before diving deeper into OAuth.
Authentication vs Authorization?
Understanding the difference between authentication and authorization is essential. They are two different things, but they sound similar.
Authentication
Authentication means verifying the user's identity: it answers the question of who you are.
For example, when you log in to an application by entering your username and password, authentication verifies that you really are who you claim to be, for instance that you really are Vikas.
One factor authentication
In one-factor authentication, you provide your username and password.
Two factor authentication
In two-factor authentication, you provide an additional piece of information.
Once you are authenticated, the next step is authorization.
Authorization
Authorization determines what you are authorized to access.
Authorization is a term used to describe the privileges and access rights granted to users by an authority.
You might be authorized to access only inventory applications, not sales applications.
Authorization makes sure that you can access only inventory-related applications.
What is OAuth?
OAuth is the industry-standard protocol for authorization.
OAuth is an authorization protocol built on top of HTTP which allows applications to securely access data without having to store usernames and passwords.
Acquiring knowledge of the OAuth 2.0 Workflow
Configure OAuth with PHP
First, ensure that you have Composer installed on your system, then install the client library:
composer require league/oauth2-client
Composer automatically installs the library and its dependencies in your project directory.
Next, we need to create a new PHP file (e.g., oauth.php) and include the Composer autoloader:
require 'vendor/autoload.php';
// Your OAuth code here
After setting up our PHP environment, let's incorporate OAuth for user authentication and authorization.
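As an added example (not code from the original page), here is one way oauth.php could run the authorization code flow with league/oauth2-client's GenericProvider, including the `state` check that protects the callback against CSRF. The endpoint URLs, the environment variable names and the `inventory.read` scope are placeholders assumed for illustration.

```php
<?php
// Added example: authorization code flow with league/oauth2-client.
// All URLs, env variable names and the scope are placeholders (assumptions).
require 'vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;

session_start();

$provider = new GenericProvider([
    'clientId'                => getenv('OAUTH_CLIENT_ID'),     // keep secrets out of source
    'clientSecret'            => getenv('OAUTH_CLIENT_SECRET'),
    'redirectUri'             => 'https://app.example.com/oauth.php',
    'urlAuthorize'            => 'https://auth.example.com/authorize',
    'urlAccessToken'          => 'https://auth.example.com/token',
    'urlResourceOwnerDetails' => 'https://auth.example.com/userinfo',
]);

if (!isset($_GET['code']) || !is_string($_GET['code'])) {
    // Step 1: redirect the user to the authorization server.
    // The library generates a random state value; bind it to this session.
    $authUrl = $provider->getAuthorizationUrl(['scope' => ['inventory.read']]);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
}

// Step 2: callback. The state must match the one issued to this session.
$expected = $_SESSION['oauth2state'] ?? '';
$received = is_string($_GET['state'] ?? null) ? $_GET['state'] : '';
unset($_SESSION['oauth2state']);                 // state is single use
if ($expected === '' || !hash_equals($expected, $received)) {
    http_response_code(400);
    exit('Invalid state');
}

try {
    // Step 3: exchange the code for a token (server to server, no password stored).
    $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    $owner = $provider->getResourceOwner($token);
    session_regenerate_id(true);                 // new session id after sign-in
    $_SESSION['user_id']      = $owner->getId();
    $_SESSION['access_token'] = $token->getToken(); // stays server-side, never echoed
    echo 'Signed in';
} catch (IdentityProviderException | UnexpectedValueException $e) {
    error_log('OAuth token exchange failed: ' . $e->getMessage());
    http_response_code(401);
    exit('Authorization failed');
}
```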