Recently I’ve started developing a hybrid mobile application (Ionic + AngularJS) in addition to the website powered by Yii2.
For these purposes I have created a separate application in Yii2 with REST API controllers; the data is properly returned in JSON format - everything works great!
However, now I have faced the need to implement authentication & authorization of users through the mobile application using REST, and it seems that all the docs look somewhat partial and do not cover real-life scenarios.
What I would like to achieve:
Implement the opportunity to log in from the mobile application using username/password or a couple of AuthClients (Facebook + Google);
Store the access token, refresh token and device id (for additional security) in the mobile application and the Yii2 backend;
After the expiry of the access token, get a new access token using the refresh token;
Provide users with the opportunity to be logged in from multiple devices without issues.
The questions that I am facing:
As I understand it, there is not much difference between HttpBearerAuth and QueryParamAuth for my case. Is that correct, or am I missing something?
Then I have noticed that there are some people who prefer to implement their own OAuth2 server for these purposes (like https://github.com/Filsh/yii2-oauth2-server). Is this really required?
Frankly speaking, I’m confused about the proper overall solution for the above requirements on the Yii2 REST backend side. Could someone kindly share at least some thoughts on how the controllers and models should be structured in order to support the above requirements?
Maybe someone has already implemented a similar Yii2 service and can share some snippets or a repository?
In any case, any advice on the above is very welcome!
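One way to wire the pieces listed in the post together in Yii2, as an added example that is not part of the original post: one token row per device (so multi-device login works), expiry checked in findIdentityByAccessToken, refresh-token rotation, and HttpBearerAuth attached in behaviors(). It assumes a hypothetical user_token table, the app template's app\models\User model, and that the user component's identityClass is set to ApiUser.

```php
<?php
// Added example, not code from the original post. Assumes a hypothetical table
// user_token(user_id, device_id, access_token, refresh_token, expires_at), one row per
// device, and the app template's User model (which already implements IdentityInterface).
use yii\db\ActiveRecord;
use yii\filters\auth\HttpBearerAuth;
use yii\rest\Controller;

class UserToken extends ActiveRecord
{
    public static function tableName() { return '{{%user_token}}'; }

    // New access/refresh pair for one device; that device's previous pair is overwritten.
    public static function issue(int $userId, string $deviceId, int $ttl = 3600): self
    {
        $row = self::findOne(['user_id' => $userId, 'device_id' => $deviceId])
            ?? new self(['user_id' => $userId, 'device_id' => $deviceId]);
        $row->access_token = Yii::$app->security->generateRandomString(64);
        $row->refresh_token = Yii::$app->security->generateRandomString(64);
        $row->expires_at = time() + $ttl;
        $row->save(false);
        return $row;
    }

    // Rotate on refresh: the presented refresh token is single-use and bound to the device id.
    public static function refresh(string $refreshToken, string $deviceId): ?self
    {
        $old = self::findOne(['refresh_token' => $refreshToken, 'device_id' => $deviceId]);
        return $old === null ? null : self::issue($old->user_id, $old->device_id);
    }
}

class ApiUser extends \app\models\User   // assumed path of the template's User model
{
    // HttpBearerAuth passes the value of "Authorization: Bearer <token>" here.
    public static function findIdentityByAccessToken($token, $type = null)
    {
        $row = UserToken::find()->where(['access_token' => $token])->andWhere(['>', 'expires_at', time()])->one();
        return $row ? static::findOne($row->user_id) : null;   // expired or unknown token => 401
    }
}

class ProfileController extends Controller
{
    public function behaviors()
    {
        $b = parent::behaviors();
        // Bearer header keeps the token out of URLs, proxies and access logs, unlike QueryParamAuth.
        $b['authenticator'] = ['class' => HttpBearerAuth::class];
        return $b;
    }
}
```

The practical difference between the two filters is where the token travels: a query parameter ends up in browser history, referrers and server logs, while the Authorization header does not.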