0

I am trying to implement a MySQL database that is accessible via REST APIs. In order to do so, I am running a dynamic web project within a Tomcat 8.0 Server.

However, now I am looking to implement some form of authentication that has to happen before a client (i.e. an Android app) can have access to the APIs. I have been reading up on OAuth 2.0, and it does appear to be what I am looking for.

Based on the article that I have been reading (http://tutorials.jenkov.com/oauth2/authorization.html), it appears that a separate OAuth server has to be running. The question is, how can this be done? I am currently using Eclipse to compile and start my local Tomcat server. Do I have to create a separate server in Eclipse? Once the permission has been granted, does the client need to interact with the OAuth server in order to access the database data or does it interact with the Tomcat server that I am running?

user1927638
  • 1,133
  • 20
  • 42
  • OpenID or (OpenID Connect) are also popular options. It could even a better choice since OAuth is a [standard for authorization](http://en.wikipedia.org/wiki/OAuth) while [OpenID](http://en.wikipedia.org/wiki/OpenID) is for authentication. See http://stackoverflow.com/questions/1833184/how-to-use-openid-in-restful-api – mjn Nov 03 '14 at 06:57
  • It seems like OpenID is the right way to go. I looked online and found the openid4java library (https://code.google.com/p/openid4java/) which seems to be what I'm looking for. The only issue is that I have no idea how to set it up. When I import it to eclipse as a Maven project, it keeps telling me that I have an error of some sort. – user1927638 Nov 06 '14 at 04:40

0 Answers0