I am making REST API with Laravel 5.3 and I need to make social logins with Google and Facebook. I need to create middleware for that, but I have a problem: I can not find a way to retrieve a user. The problem is: how to detect a provider (Google or Facebook) in middleware? I have this code:
Socialite::driver($provider)->stateless()->user();
But how to detect $provider? Or maybe you know another way to retrieve user, when there are multiple providers?
Related
We built an API (which currently contains just a single route) to give access to specific data to another company we are working with.
The API calls this other company performs to our endpoint are server-side.
The API has been created with Laravel 8.
To give more context to the question, our system gathers coordinates that are sent by our GPS devices, and we want to give access to the coordinates of a specific set of GPS devices to the other company.
The coordinates are stored in our database, and the API route is just doing a SELECT query which is only allowed to access the data of these specific devices.
Searching around the internet, I saw that Laravel Sanctum can help providing API tokens to consume an API. My question is, can we use Laravel Sanctum for the current workflow? Is it suitable?
The examples on the documentation demonstrate we can do something like this:
$user->createToken('token-name', ['server:update'])->plainTextToken;
But, in my case, there is no user for the other company. If Laravel Sanctum is ok for that, should I create a specific user representing this company? or maybe another Model (and database table) just for companies? Even if we only have one in our case.
A token can be generated for any model that has HasApiTokens trait.
Since you need it for authentication purpose, I think the easiest solution is to create a user that represents the company and generate a token for that user.
This way, if the user call the API with a correct token, Sanctum will authenticate the user and you can get the user using Auth::user() in the API action method.
I am creating a new rest API using Laravel 5.6. For API authorization, I have implemented Passport and it is working fine.
However, I want a system where anyone who wants to access any route of my API including register and login that requires token.
I am thinking in this way but not so sure how I can implement in Laravel.
I will issue one static token and will store into database.
I will encrypt that token and will provide to the client in my case
mobile app.
Mobile side the token I will store into shared preference so no one
will have direct access.
When mobile send a request to access any route of API, it has to pass the token in the header with the custom key
API will decrypt the token and match with the database one.
If it matches that will allow accessing the API.
Then later I may use the Passport token to add additional layer or security.
My question is,
How to implement this system in Laravel so I don't have to write code
for every request and all request pass through this validation?
I have written an api for a project that uses, oauth2 to authenticate users, and lock down that api to only people with an access token, and it works fantastically well, we have a route group that looks like this,
Route::group(array('prefix' => 'api', 'before' => 'oauth'), function() {
});
The problem I am now facing is that scope of the project has changed and we need to extend the api a little bit. Basically at the moment, the API is used to create projects, and a project a can have a team that can CRUD a project.
The scope has changed now so that a project can also have client user who can follow a unique link to monitor the progress of the project, and update certain aspects of the project.
The problems are 2 fold,
1) You cant do anything on our API without an access token, so even a GET request for data to build the page would be turned down for a client user.
2) To get a access token you need a username and password. The key thing for a client user is that do not need to login, they should be able to just get a unique URL in email, and then load the project.
I figure that creating a custom grant type would be the best solution is that correct? If that is correct does anyone have any guidance on creating one?
If that is not the best way what other options do I have available to me?
need your ideas.
I have a ZF1/Postgres application. It has its own users and all that.
Now I would like the whole application to be API-driven. I started to build
RESTful resources in a new Laravel 5 application. The Laravel app will talk to the same Postgres DB. Eventually, I want to get rid of all the DB calls within the ZF1 app, so that Laravel app is in charge of that.
The question is: I would like to add authorization for each API call, so that I know which users produce those calls and could act accordingly. What is the best way to authenticate users, so they could access Laravel endpoints?
If you want to use RFC-standard oAuth2 authentication, I would go with https://github.com/lucadegasperi/oauth2-server-laravel
Assuming you do, you'd probably want to use the "password" grant-type for internal authentication. Your client would hit the /oauth/access_token endpoint for a token using the user's username and password, which would return an access token good for the rest of the API.
To protect a route, you'd put it in the Route::group(['before' => 'oauth']...) section. To access an oauth-protected endpoint, you'd put the token in the HTTP header "authorization": "bearer ".
If you aren't using the standard laravel Users model, you may have to do a little tweaking. Most of it is covered in the oauth plugin wiki.
If the API is not public and there isn't any change to access it directly from the internet I wouldn't use any authentication. I would pass the userId in a custom http-header and and authenticate via Auth::loginUsingId(1) this will be cheaper then doing real authentication stuff. Therefore you have to map App\User to your existing user-table.
If you want to do real authentication take a look at RESTful Authentication
For inspiration on how to use Laravel for a REST-Service take a look at the dingo/api package (currently only Laravel 4, 5 is in progress).
I am developing a web application in Laravel. Now I'm in the process of creating an android app. I need to create a web service (back end) in Laravel, but I don't know how to manage the sessions (auth) in the request.
My idea is to create a unique token for every session, and store it in a database. So, every request need the token be included, and my backend will check if the token is valid or not.
How can I modify the login functionality that comes with Laravel 5.0 to create an return the token?
I read the documentation and some articles in the internet, but it is still not clear to me.
You can create a token during registration of the app which should correspond with the user id. This token will be used together with the user id anytime you call any of your api's to authenticate the user.
You can create a filter named custom_authentication and check for the token validity inside that filter. Now just apply this filter before every routes, which you want to be authenticated.
Using only simple authentication token is not very secure, you need to go with HTTPS always.
If you want to make the API secure with HTTP, you might have to implement OAuth with the help of packages like this.