OAUTH2

In Fantastico, a very modern authorization framework (OAUTH2) was choosen for guaranteeing:

1. Easy security for REST APIs.
2. Easy integration of 3rd party applications.
3. Easy integration of various Identity Providers.

OAUTH2 specification contains many scenarios for its usage and provide various flows:

1. Authorizaton code grant.
2. Implicit grant.
3. Resource owner password credentials grant.
4. Client credentials grant.

In order to understand all this flows you can read the official OAUTH2 [http://tools.ietf.org/pdf/rfc6749.pdf] documentation.

Fantastico security

In order to keep things as simple as possible, in Fantastico we currently support only implicit grant. Moreover, you can find some particularities of Fantastico implementation:

• We only support Implicit grant (for all use cases where protected resources are involved).
• We fully support scopes.
• We support state parameter for avoiding Cross Site Request Forgery

• Example (Simple Menu API)
  • Terminology
  • Display all menus
  • Managing menus.
• OAUTH2 Fantastico Tokens
• OAUTH2 Fantastico Error Responses
  • /authorize
• OAUTH2 Fantastico App registration
  • App registration extension
  • Manual registration
• Controllers security
  • Regular controllers security
  • ROA OAUTH2 Security
• OAUTH2 Fantastico IDP
  • APIs
  • User profile data
  • Login frontend
    • Administrator account
    • Users and persons
  • Default oauth callback
  • Technical summary
    • Password storage
• OAUTH2 Technical Summary
  • Overview
  • Enforcing authorization
  • Common tokens usage
    • Obtain authenticated user id
    • Obtain current granted scopes
  • Supported token generators
  • Encryption / decryption
  • Suported grant types
  • Concrete exceptions

OAuth2 exceptions

• 12000 - OAuth generic error
• 12010 - OAuth invalid token descriptor
• 12020 - Invalid token type error
• 12030 - OAuth token expired
• 12040 - OAuth token encryption error
• 12050 - OAuth invalid client error
• 12060 - OAuth invalid scopes
• 12070 - OAuth missing query parameter
• 12080 - OAuth unsupported grant type
• 12100 - OAuth unauthorized error
• 12200 - OAuth authentication error