REST Service security

We are building a multi tenant application that should provide REST services for a mobile app and a php website. Some of the webservices can have anonymous access, others should only be accessible for authorized users. As far as I understand I should expose a REST service with the REST module ( The REST module will attempt to pick up any client session that is available (useful when invoking the service from a browser, using Ajax for example). If no such session is found, basic authentication needs to be provided to send credentials to the service. I would like to expose a "login" service so the clients can show a login form and validate the username and password against the service. The customer wants to use a more "advanced" security mechanism then basic authentication, like for example OAuth. Is this possible?
1 answers


This is possible although not yet available, so you'll have to implement it yourself. The following site will give you a good idea of what is involved in creating OAuth secured REST services: