We are building a multi tenant application that should provide REST services for a mobile app and a php website. Some of the webservices can have anonymous access, others should only be accessible for authorized users. As far as I understand I should expose a REST service with the REST module (https://github.com/mendix/RestServices): The REST module will attempt to pick up any client session that is available (useful when invoking the service from a browser, using Ajax for example). If no such session is found, basic authentication needs to be provided to send credentials to the service. I would like to expose a "login" service so the clients can show a login form and validate the username and password against the service. The customer wants to use a more "advanced" security mechanism then basic authentication, like for example OAuth. Is this possible?
asked
Martijn Raats
1 answers
0
Martijn,
This is possible although not yet available, so you'll have to implement it yourself.
The following site will give you a good idea of what is involved in creating OAuth secured REST services: