The PHP getting started guide for interacting with Force.com seems to indicate that a user always needs to reauthenticate for each session with OAuth2, and that's my understanding of the protocol as well.
However, if a user just wants to be able to interact with APEX REST Methods without requiring the user to authenticate, they would use session id style authentication right...? Anyone know where the documentation to do this is via web-service calls in PHP?
Update
Like using a fixed set of authentication credentials to access the APIs
Attribution to: jordan.baucke
Possible Suggestion/Solution #1
If you want your server to authenticate with some fixed credentials, then you have 2 choices.
You can use the OAuth2 username/password flow, this uses the OAuth infrastructure, but allows you to programmatically get an access token given a username, password (and possibly security token), this is a simple POST request to the correct URL with all the parameters. see the online help for details.
You can use the login method in the Partner or Enterprise APIs. these will return you a sessionId, that you can then use in the REST API requests in exactly the same way you'd use an access token.
In either case, if your PHP server's IP address is not whitelisted, then you'll need to supply the users api security token in addition to the password.
Once you've gotten a token from either of these methods, you would use it the same way as a regular OAuth token, by putting it in the Authorization HTTP header of your Apex API request, e.g.
Authorization: Bearer {someLongTokenStringHere}
I would recommend you go with (1) unless you're already using the PHP toolkit to call the soap APIs.
Attribution to: superfell
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/785