I'm currently working on a project (that's almost done :D) but I've run into a bit of a wall. I allow users to sign in with one of their social media accounts. I then store the UID, URL, Avatar and the rest of the details in a table for each account.
Each account then has a User or Recruiter Object associated with it. This way you can link multiple accounts to a single profile.
I'm currently working on the API which will allow recruiters to search for candidates and candidates to search for recruiters and jobs. But I have no idea on how to implement authentication.
I had a look at how GitHub does it and read a few articles (like this post) and they all suggest that I implement an OAuth Server for use with the API.
But as I am an OAuth Consumer myself, is this wise?
Have any ideas on what would be the best way to implement authentication that would still allow Users and Recruiters to control access to their account from the API but would not be reinventing the wheel?
If I am going about this wrong please inform me :D
Used simple id and hash token like Amazon for now...
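
An added example, not code from the original post: one way a key id plus hash token scheme can work, assuming it means a per-account key id and a shared secret used to HMAC-sign each request. The key id, secret, account name, canonical string layout and 300-second window are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample credential store: key id -> (shared secret, owning account).
# Deleting an entry is how the account owner revokes API access for that key.
API_KEYS = {"AKEXAMPLE01": (b"constructed-secret-for-demo", "recruiter:42")}
MAX_SKEW = 300  # seconds a signed request stays valid (assumed window)


def string_to_sign(method, path, timestamp, body):
    """Canonical form covering every field a third party must not be able to alter."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret, method, path, timestamp, body=b""):
    """Client side: HMAC-SHA256 over the canonical request, hex encoded."""
    msg = string_to_sign(method, path, timestamp, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(key_id, signature, method, path, timestamp, body=b"", now=None):
    """Server side: return the owning account, or None if the request is rejected."""
    now = time.time() if now is None else now
    entry = API_KEYS.get(key_id)
    if entry is None:
        return None  # unknown or revoked key id
    if abs(now - timestamp) > MAX_SKEW:
        return None  # stale timestamp: a captured request cannot be replayed later
    secret, account = entry
    expected = sign(secret, method, path, timestamp, body)
    # compare_digest runs in constant time, so response timing does not
    # reveal how much of a guessed signature was correct.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    return account
```

The secret never travels with the request; only the key id, timestamp and signature do, so the scheme still depends on TLS to keep request contents private.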