I have developed a website in PHP (Zend Framework 2). It has user authentication to access user-specific content and views, which are only accessed by the user. Now I want to create a mobile app which has the same functionality as this. So I created a web service to access all required methods to access data. Now I have to authenticate the user from the mobile app. So the user should be able to log in once using his credentials on mobile, and he should be able to access his content.
My idea is that, after the user is authenticated, subsequent API calls should communicate with the web service using a token provided by the web service. I have a basic understanding of OAuth. So my plan is to create an OAuth server in my application which provides a secret key for my app. The app connects using the secret and gets a token when authenticated. The app uses this token for further API calls.
Now my questions are:
- Am I using OAuth correctly, or isn't this what OAuth is for?
- Is there any better implementation than this?
- I have searched to see similar implementations, but all I found when I tried the OAuth keyword is Google OAuth authentication.
- What are the alternatives to authenticate a user from a mobile app with the login credentials we have in the database?
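
The token flow described in the question (log in once with credentials, receive a token, send it on every later API call), sketched server-side as an added example that is not part of the original post and is not a full OAuth server. The function names `issueToken`, `userForToken` and `revokeToken`, the in-memory arrays standing in for database tables, and the sample user are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: one user row as the site's database might hold it.
$users  = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
// Token store (hypothetical table): sha256(token) => ['user' => ..., 'expires' => unix time].
$tokens = [];

/** Login call: check the credentials once and hand the app a random opaque token. */
function issueToken(array $users, array &$tokens, string $user, string $pass, int $ttl = 3600): ?string
{
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return null;                                  // same answer for unknown user and bad password
    }
    $token = bin2hex(random_bytes(32));               // 256 bits from the CSPRNG, 64 hex characters
    // Store only a hash of the token, so a leaked token table cannot be replayed as-is.
    $tokens[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + $ttl];
    return $token;                                    // returned to the app once, over HTTPS
}

/** Every later API call: map "Authorization: Bearer <token>" back to a user, or reject. */
function userForToken(array &$tokens, string $authorizationHeader): ?string
{
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $authorizationHeader, $m)) {
        return null;                                  // malformed or missing token
    }
    $key = hash('sha256', $m[1]);
    $row = $tokens[$key] ?? null;
    if ($row === null) {
        return null;                                  // unknown or revoked token
    }
    if ($row['expires'] < time()) {
        unset($tokens[$key]);                         // expired: drop it and force a new login
        return null;
    }
    return $row['user'];
}

/** Logout or lost phone: deleting the stored hash invalidates the token immediately. */
function revokeToken(array &$tokens, string $token): void
{
    unset($tokens[hash('sha256', $token)]);
}

// Walk through the exchange: login, authenticated call, failed login, revoked token.
$token = issueToken($users, $tokens, 'alice', 'correct horse');
var_dump(userForToken($tokens, "Bearer $token"));
var_dump(issueToken($users, $tokens, 'alice', 'wrong password'));
revokeToken($tokens, $token);
var_dump(userForToken($tokens, "Bearer $token"));
```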