I am having a PHP based application, that uses MySQL as the DB. I am currently trying to build a real-time messaging system for the users in the application. I have found Firebase to be a very good solution for building this. However, I am not sure if the architecture I am planning is compatible with the architecture am planning. Digging through the documentation didn't really get me the answers.
My Doubts are:
I don't want users to again login to use chat, so I want to
authenticated via the server (i.e from php).
I want, the further chat/messaging to happen from client to Firebase directly as I don't want to have unwanted overhead on my server, especially when a direct connection is not only supported but also efficient.
Can I authenticate via php and get some secret key or something and then use that to connect securely via Js?
I found this link which talks about custom authentication system. But am not sure, if this is what I have to use. And if the solution am planning is scalable and ok.
Firebase Auth persists the session on the client via localStorage/indexedDB and is a headless API that doesn't require a hosted server. So you are not required to authenticate the user via your server.
You can definitely build the messaging app entirely on the client with real-time database without routing traffic to your server. Here is an example of a chat app built with Firebase: https://github.com/firebase/friendlychat
If you already have an existing authentication system, you can use custom auth which requires that you mint a custom token after you authenticate a user with your system, you then send that custom token to the client and then signInWithCustomToken. Here is some code to create a custom token with PHP: https://firebase.google.com/docs/auth/admin/create-custom-tokens#create_custom_tokens_using_the_firebase_admin_sdk
If you don't have an existing auth system, you can entirely run the authentication on the client side. Another good library for authentication that is built on top of Firebase is FirebaseUI: https://github.com/firebase/firebaseui-web
Related
I've a big social networking project going on and I am amateur in web back-end. Although I've programming experience, I'm a beginner in the back end support.
I was trying to make a login page and was thinking if I use Firebase to do the user authentication? Then I would use PHP to do rest of the things like chat system or post system.
Is it possible to do so? If yes, then how should I start a session in Firebase and use it in PHP?
You can definitely use Firebase Authentication in your web site that is otherwise written in PHP. Key to realize is that in this case there are two places you need to interact with Firebase:
From your client-side JavaScript code, you will use Firebase Authentication to sign in, and get an ID token.
From your server-side PHP code, you then verify the ID token. You can for example use the open-source Firebase Admin SDK for PHP library for that. Note that this is not an official Firebase SDK, but in my (limited) experience it works well.
The general process for this is also described in the Firebase documentation on verifying ID tokens, it just doesn't contain the PHP bits.
Alternatively you can just stay within the Firebase ecosystem, and not use a PHP server. For example, you can store your data in Cloud Firestore directly from the client. To get familiar with this approach quickly, I'd recommend taking the codelab where you build a web-based chat app.
I have two websites, one is Wordpress and other is PHP. How to login Wordpress and my PHP app with the same credentials.
I need that when a user registers on my WordPress site he automatically appears registered on the PHP site.
I would suggest using OAuth 2.0 Server , a package by thephpleague.
It will allow you to turn one of your applications into an oauth-server, the second one being the client.
The oauth-server application would grant an api key to the client so that its users can login from the client application.
The same thing happens when for instance you login to Stackoverflow using your google/facebook account : google/facebook is the server, and stackoverflow the client.
I think using oauth would be cleaner, more secure and standard compliant than duplicating your users datas accross two web apps for the following reasons :
you would need to replicate each new user on any of your website;
compromising any of your websites would give the attacker your users credentials(login, password) for the two web apps, whereas with oauth he can't get the passwords of the oauth-server users while being on the client;
etc;
There are many other reasons but there a more experienced developers able to give you deeper explanations.
There's also a wordpress plugin that would fit your needs that you can find here for JSON Web Token Authentication.
I've developed a website with the usual crud functionalities in Codeigniter and MySQL. I'm now tasked with creating a mobile app (with the same functionalities ) in Ionic 2.
To access my database with Ionic, I created a REST api -- which I was able to manipulate smoothly.
My questions are:
How, or can I, use my MySQL users' credentials to log in on my Ionic 2 app?
How can my web and mobile can share the same database?
I've been reading a lot about Fire base,etc. However, my tiny brain is unable to comprehend whatever I read. If anyone can point me to right direction, I would highly appreciate it. Thanks!
When developing an Ionic App you have to think of it as if you were developing a regular website. The only difference is that you have access to native device features with cordova plugins, but the whole flow is almost exactly like in a regular website (it is an angular application after all).
This means you can use your API just like you use it in your website. There is no need to use firebase. (Firebase is kind of like a database itself that you could use INSTEAD of your MySQL backend)
Totally agree with #Andreas. When you build a modern application that supports on the different platforms such as web or mobile, you need to design a standard API and then next step is to build a web application/mobile app to consume this API. And because of all the web/devices are all consuming from the same API, they are interacted with the same database. Unless they are using different API.
Can refer to the image below for easy understanding.
So talk about how authentication and authorization can be done from the mobile app or from the web app. You should take a look at OAuth2. It is a protocol for securing API services from untrusted devices, and it provides a nice way to authenticate mobile users via what is called token authentication.
The workflow will look like below, on both web and mobile app.
A user opens up your mobile app and is prompted for their username or email and password.
You send a POST request from your mobile app to your API service with the user’s username or email and password data included (OVER SSL for sure. If you don't know about it, google it).
You validate the user credentials, and create an access token for the user that expires after a certain amount of time.
You store this access token on the mobile device, treating it like an API key which lets you access your API service.
Once the access token expires and no longer works, you re-prompt the user for their username or email and password.
Reference
REST API from PHP
The ultimate guide for Mobile Security
I'm working on a project where I'm developing a platform. As a solo-developer I made the decision to use Lumen as a PHP back-end and create an RESTful API.
Web shops should be able to install a plugin so they can access the API without having to code themselves.
I need to keep track of the web shops that use the API. I just need the same way to retrieve access tokens like Twitter and Facebook do when you register an app.
So I was thinking about OAuth2 Server but I have never used it before so I'm not sure if I'm on the right path...
If you want your own OAuth2 system then yes you will need a server running it.
The idea of OAuth2 is to authenticate your clients where a shop equals one client.
OAuth2 is not about individual users but clients. With that idea in mind you can setup an OAuth2 server and its only job would be to authenticate each request, make sure it belongs to a recognized client and then issue a token.
With that token you can then go on and issue more requests to actually interact with the system you are building. This is a very high level view of the entire system, of course.
There can be multiple variations on this, how tokens are issued, what type they
are etc. I prefer JWT ( JSON Web Tokens ) as it's JSON and thus lightweight.
A quick search revealed this: http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/
I do have my own article on building your own OAuth2 system, however it is based on dot net not PHP. You are welcome to use it though maybe it will help clarify the concept.
Here's the link : https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/
we have already developed a web app using codeigniter and now planning a mobile client(for android phones).The scenario is like this
1)mobile client will have a local db same as server db
2)After installing the app an authentication process is there
3)After authentication we need to download the data from server db to mobile client DB.
I have created one web service using REST api for authentication process and its working but for step 3 i need help.
Can i use REST api for that also or is there exist any other secure mechanism to sync server and mobile client DB ?
Can anyone suggest please!
Best regards,
First, you need create a very strong structure compatible with Oauth2, I recommended this library: Codeigniter RESTserver
After, you must know how works the Oauth2 protocol and implements it.
Read this tutorial, is old but good for your work: http://code.tutsplus.com/tutorials/working-with-restful-services-in-codeigniter--net-8814