Building auth service

Hello,

Right now I’m evaluating building a standalone token auth service for our projects (we have 3 projects that need authentication, and we want to build a central auth service that will handle it for them all - basically an auth provider). Basically we need a common account for multiple projects, but those projects are kinda separated logically.

So, I need some advice, as I understand how it all works in general, and we actually have that service built by someone else, but it’s so bad that we just threw it out (I’ve tried to patch it, but it’s not feasible to continue).

So, I’m looking through the OAuth2 modules: clients (authclient) and servers (there are a few).

On the service side itself it’s more or less clear, I use the authclient for social auth. But it’s also a server for our projects, so the question is:

Do I also build the OAuth2 server as our own auth service and connect to it via OAuth2 client from our own clients?

Or do I not understand some part of it and it should be done differently?

The schema is like this, I build the common auth service and integration into "Our services":

Our service 1 \                         / Facebook
Our service 2 --- common auth service --- Regular email registration with the service
Our service 3 /                         \ Google

P.S. I’m also evaluating doing it in Laravel, because we have one of the new projects done in it, but I do not have prior experience with it and I’m looking at what fits best. I have 4+ years with Yii though :) Tough call.

Yes. OAuth2 server sounds right.
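
To illustrate the setup discussed in this thread, here is an added example (not code from either poster, and not tied to Yii or Laravel) of the checks a central OAuth2 server applies when one of "Our services" exchanges an authorization code for a token: exact redirect URI match, client binding, single-use short-lived codes, and PKCE (S256). The class name, client id, URL and secret are hypothetical, and storage is in-memory.

```php
<?php
// Added sketch (PHP 8+): code issuance and redemption on the central auth service.
// Class, client ids, URLs and secrets are hypothetical; storage is in-memory.
final class CentralAuthServer
{
    private array $codes = [];

    // $clients: client_id => ['secret_hash' => ..., 'redirect_uri' => ...]
    public function __construct(private array $clients) {}

    // Runs after the user authenticated (email or social login) at the auth service.
    public function issueCode(string $clientId, string $redirectUri, string $userId, string $challenge): string
    {
        $client = $this->clients[$clientId] ?? null;
        if ($client === null || $client['redirect_uri'] !== $redirectUri) {
            throw new RuntimeException('unknown client or redirect_uri mismatch');
        }
        $code = bin2hex(random_bytes(32));
        $this->codes[$code] = [$clientId, $redirectUri, $userId, $challenge, time() + 60];
        return $code;
    }

    // Back-channel call from a service exchanging the code for a token.
    public function redeemCode(string $clientId, string $secret, string $code, string $redirectUri, string $verifier): array
    {
        $entry = $this->codes[$code] ?? null;
        unset($this->codes[$code]); // single use, even when a later check fails
        [$boundClient, $boundUri, $userId, $challenge, $expires] = $entry ?? ['', '', '', '', 0];
        $s256 = rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
        $hash = $this->clients[$clientId]['secret_hash'] ?? '';
        $ok = $entry !== null && password_verify($secret, $hash)
            && hash_equals($boundClient, $clientId) && hash_equals($boundUri, $redirectUri)
            && hash_equals($challenge, $s256) && time() <= $expires;
        if (!$ok) {
            throw new RuntimeException('invalid_grant');
        }
        return ['access_token' => bin2hex(random_bytes(32)), 'sub' => $userId, 'aud' => $clientId];
    }
}

// Constructed demo: "Our service 1" registered as a client.
$uri = 'https://service1.example/callback';
$server = new CentralAuthServer(['service1' => ['secret_hash' => password_hash('demo-secret', PASSWORD_DEFAULT), 'redirect_uri' => $uri]]);
$verifier = bin2hex(random_bytes(32));
$challenge = rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
$code = $server->issueCode('service1', $uri, 'user-42', $challenge);
$token = $server->redeemCode('service1', 'demo-secret', $code, $uri, $verifier);
try { $server->redeemCode('service1', 'demo-secret', $code, $uri, $verifier); }
catch (RuntimeException $e) { echo "replay rejected for {$token['sub']}: {$e->getMessage()}\n"; }
```

In a real deployment the codes and client registry live in a shared store, and the social logins (Facebook, Google) happen inside the auth service before `issueCode` is reached, so the three services only ever see tokens issued by the central server.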