I need to create an API backend for my mobile app (Flutter). This API needs OAuth2 authentication and some endpoints. I read oauth2.thephpleague.com and have to use “Authorization Code Grant with PKCE” (“Password Grant” seems to no longer be the best practice in this case?).
How do I use it in Mezzio?
Some months ago I converted an Expressive API repository example from Enrico Zimuel to Mezzio. You can find the fork here (it is for my testing, but feel free to edit): https://github.com/mbourquin/mezzio-api. I made some tests and it works with Password Grant, but I don’t know how to retrieve which user is calling the endpoint (UserInterface::class is empty…)
The goal is to get an access token (after a login) that I can use in the next API calls… and in each handler check whether the user is allowed to access this action.
- Is there a complete example with Mezzio and the latest oauth2 phpleague server?
- Do I have to use Laminas API Tools?