Unsolved Application logic and best authentication methods with PHP server side.
I am writing a small desktop application which proceeds some system commands and communicates with a PHP serverside script running on a normal shared webhost. I also need to transfer quit big files into both directions. like around 100mb of size.
I first startet the programming with a RESTful approach with oauth2 bearer type authentication and a simple REST api on the server. I am using pipacs o2 at the moment for the auth. One important thing for me was that the app should use quite common ports and protocols because the network where I want to use it is quite restricted in this.
The deeper I go into the topic I am thinking that there is maybe a more secure and more simple way of authentication between the server and my desktop app. I do not really like the oauth2 style . Also the communication could be more easy. I thought about websockets which for me seems like a more closed mechanism. But I think i can not transfer files with it.
Can someone of you with more experience give me a hint what would be a better or good way to solve my needs?
If I understand you correctly, you don't need to have anything in common between your desktop application and oauth2. The "client" for oauth2 is your PHP server application, or am I misunderstanding something?
The server is managing the main logic and providing tasks to the client desktop app. Which than does the job and provides back an image for example. The desktop app is more like a worker which works autonomously after starting and authenticating.
Its more like a get job request from the client and providing resulting data files to the server.
Sorry I still don't understand who's authenticating where and how is oauth2 involved in all this.