I'm using the laravel framework. In my case, I need to save the data (login or register for example) in remote database on cloud.
But the communications with database and laravel, I need to use a rest api.
I have a php class in laravel with functions (login function for example) and in this function I have created the connection logic to my remote rest API (send email and password).
Now, I made connection to remote database and check if the email and password exists and return back a message (if true then I return the view, false i show a error message).
Till this it works fine. But I have a problem. Because I am not using the laravel authentication mechanism in routes file. I am unable to use the middleware to prevent direct access to routes without login. What is the best way to add this security?
I need your help. Thanks a lot.
Regards
It is also possible to create a local useraccount, with the credentials of the account recieved from the API. On this way, you can load all the needed data in your website and also use the auth middleware.
There are multiple ways to do so, maybe you can create your own cookie and check it before any output.
Related
First important information: I’m new to Laravel, so your patience is appreciated.
I’m currently migrating a framework of mine to Laravel and still in the early stages. I know that Laravel has it’s own database construction mechanism that is recommended to use the migrations and the Models, however, for my purpose, I’d like to use my own database that I use in other systems that I’ve built in the past. The idea for this system is to have a shared database, but operable through different tech stacks.
This is my current scenario:
Laravel 8
Sanctum 2.14
Frontend (Laravel):
I’ve built a very simple login page that has a controller and sends data (user and password) to my backend (Laravel). In the backend (different server), I grab the data and check if the data is correct. Being correct, I send a json response with some data, like:
returnStatus = true
loginVerification = true
IDCrypt = asdfasd4fa654sd54a (encrypted ID to grab in the frontend again)
Up till here, it’s working fine, as I wanted and very similar to my legacy systems.
My idea would be to get this response in the frontend, via auth token managed by Sanctum and use a middleware to check the token in order to let the user access some web routes.
I’ve watched some videos, but I’m only finding videos that use all the database mechanism that Laravel provides.
However, my intention would be to generate the token with data from my own table and data objects I created (without any existing Laravel´s models).
Is there a way for me to do this?
How would I set the token in the backend and include in my response?
How would I grab the token in the frontend in a secure way?
Lets say you have a model LegacyUser and this is your existing authenticable entity.
In this model simply override methods defined in the Laravel\Sanctum\HasApiTokens trait. Specifically createToken and the tokens relation for your use case by the sounds.
Then you can create tokens anywhere like usual with
$user = LegacyUser::find( $id );
$token = $user->createToken('token-name');
Then us the token as usual.
NOTE: if you're also changing how the tokens are stored/retrieved you'll need to set the token model, docs cover that here: https://laravel.com/docs/8.x/sanctum#overriding-default-models
If you want to avoid using authenticable entites (ie, no laravel models) entirely that's going to be more complicated and Passport might be a better shout, as client_credentials dont need to be associated to a user entity.
Alternatively: Write your own middleware that is compatbile with your existing auth process.
I am creating a laravel application using two laravel applications. The first laravel application will be used for handling API requests, the second one will be used for making a request to the first laravel application. The second application will also have a login form. On the submit of the login form, I am sending the form data to the first application which in return gives back the user data. Now what I want is to log the user into the second application without using its own database(second application database).
You can use JWT for authentication purposes.
In both MS you must use the same Signing Key
https://jwt-auth.readthedocs.io/en/develop/laravel-installation/
Firstly I'm a real beginner with Laravel so I will try to describe my problem as best as I can.
I am building a website using Laravel however the information on users will not be stored on my server but rather externally on another server.
The only way to access the user's data is through an external API; I am not allowed access to their database. The API request returns a token and I use this token to check with their server to see if the user is logged in.
My question is: how do I authenticate the user so that I can still use Laravel's out of the box guards.
It's really handy to use methods like Auth::check() to determine if the user is still logged in.
You'll either need to modify Laravel's default authentication middleware in app/Http/middleware/Authenticate.php or you'll need to create your own middleware class that runs the authentication that you need. Create a class in the app/Http/middleware folder and register that middleware. https://laravel.com/docs/master/middleware
I am developing a web application in Laravel. Now I'm in the process of creating an android app. I need to create a web service (back end) in Laravel, but I don't know how to manage the sessions (auth) in the request.
My idea is to create a unique token for every session, and store it in a database. So, every request need the token be included, and my backend will check if the token is valid or not.
How can I modify the login functionality that comes with Laravel 5.0 to create an return the token?
I read the documentation and some articles in the internet, but it is still not clear to me.
You can create a token during registration of the app which should correspond with the user id. This token will be used together with the user id anytime you call any of your api's to authenticate the user.
You can create a filter named custom_authentication and check for the token validity inside that filter. Now just apply this filter before every routes, which you want to be authenticated.
Using only simple authentication token is not very secure, you need to go with HTTPS always.
If you want to make the API secure with HTTP, you might have to implement OAuth with the help of packages like this.
I'm using laravel. I know it has a functionality to do login really easy. But, as far as I know it just work with the laravel database. However, I have the database outside of my server so I am using an API to get everything I need. My question is how can I still use the Authentication function using my API?
It is really easy to connect to the API and check if the user and password match, but after that How can I keep using the auth function of laravel for logout, guest and auth pages, etc.
Other example that may work if it is easier to you understand it that way is imagine that I have my users on a text file instead on a database.
Please help me and thanks in advance.
You could use Auth::login($user); to simply do it after verifying credentials using API