FuelPHP Forums

Rest Digest Authentication
  • I'm building a restful interface for a system that will support both anonymous and first-class accounts across mobile, console & web clients. I'm also a security noob. https & signing requests seem like the way to go for me (please correct me if wrong...) and it looks like that is what the digest authentication is doing, but I can't find anything in the documentation that explains how to implement it. I have looked under the security and controller sections but nothing even mentions digest...

    Anyone care to provide me with a rundown of what it is and how it works?

    Many Thanks,
     - M
  • Harro
    Accepted Answer
    The most secure solution for web services is to encrypt using TLS, and authenticate using a client-side certificate. But that's very complex to set up, and for that reason it's usually implemented using a security gateway.

    One step down are userid/password based solutions. Out of the box, the REST controller supports basic and digest, both documented in http://www.faqs.org/rfcs/rfc2617. You can also implement your own solution, either based on Auth (a lot of people use that), or based on an OAuth implementation.

    For basic and digest, copy fuel/core/config/rest.php to app/config, and modify it. It contains the Realm you authenticate against, the method used, and the list of valid username/password combinations (this is why a lot of people use Auth, it stores them in the database, hashed, instead of in a file, readable). After this it should work without further modifications.

    If you decide to implement your own authentication method, I suggest you switch to 1.6 (develop); its Controller_Rest supports a custom auth method (besides basic and digest), in which you can implement whatever mechanism you want.
