Important: Please read the Qt Code of Conduct -

Application logic and best authentication methods with PHP server side.

  • Hi Guys,

    I am writing a small desktop application which proceeds some system commands and communicates with a PHP serverside script running on a normal shared webhost. I also need to transfer quit big files into both directions. like around 100mb of size.

    I first startet the programming with a RESTful approach with oauth2 bearer type authentication and a simple REST api on the server. I am using pipacs o2 at the moment for the auth. One important thing for me was that the app should use quite common ports and protocols because the network where I want to use it is quite restricted in this.

    The deeper I go into the topic I am thinking that there is maybe a more secure and more simple way of authentication between the server and my desktop app. I do not really like the oauth2 style . Also the communication could be more easy. I thought about websockets which for me seems like a more closed mechanism. But I think i can not transfer files with it.

    Can someone of you with more experience give me a hint what would be a better or good way to solve my needs?

  • Moderators

    If I understand you correctly, you don't need to have anything in common between your desktop application and oauth2. The "client" for oauth2 is your PHP server application, or am I misunderstanding something?

  • The server is managing the main logic and providing tasks to the client desktop app. Which than does the job and provides back an image for example. The desktop app is more like a worker which works autonomously after starting and authenticating.
    I could use cookies as well which might make things easier. The Server at the moment is a small php slim framework rest api. Since the api is not meant for many different client apps it maybe dont needs a strict REST paradigm or similar.

    Its more like a get job request from the client and providing resulting data files to the server.

  • Moderators

    Sorry I still don't understand who's authenticating where and how is oauth2 involved in all this.

    I could use cookies as well which might make things easier.

    I would think you not only could, but rather need to use cookies. How else will you distinguish between clients connected to you PHP service?

Log in to reply