I'm going nuts over here! I've got a website I am making in CakePHP that will form the back end of a mobile application. It is not a mobile website, it's designed purely to be used for a smartphone application.

That being said: The application needs the user to login. But I just cannot seem to find the right way to implement this. The BasicAuthenticate AuthComponent seems to hate me and doesn't make debugging easy. There's an OAuth 2.0 Provider plugin for CakePHP 2.0, but I can't figure out how to make it 2 legged, as the app won't be relying on the website to display a login form.

I really need to figure out which of these paths to take and how to make it work but just neither one wants to work. Anybody have any info on what I need to do?

Update The Basic Auth issue turned out to be due to Virtualmin preferring to use FCGId to allow the process to run as the same owner as the content of the website. I have since switched it back to mod_php and it works fine.

So my question is now more about using cakephp-oauth-server in a 2 legged setup.

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('index','view');
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user',$this->Auth->user());
    if($this->name == 'Specific') {
            // for the specific controller
            $this->Auth->authenticate = array('Basic');
    } else {
            // everything else
    }
}

checkout KVZ's rest plugin it may be of interest https://github.com/kvz/cakephp-rest-plugin