Laravel provides routing for applications in general with their user login/register method.
However, my application is not able to take advantage of the CSRF token and sessions as its view is powered by Phonegap, so I'm forced to use another method of authentication to ensure all requests from the Phonegap app to the Laravel routes/controllers are secure.
Is Laravel Passport suitable for this or is OAuth2 used for something different? I just need a bit of guidance as I'm quite new to this method of authentication.
Laravel Passport, or oAuth2 for that matter, is used to authenticate clients (mobile apps or web apps like in your case) to securely use APIs to access data.
So yes, Laravel Passport is used to authenticate clients, but the way you can use it in your project entirely depends on your exact requirements, because if you are just planning to submit forms then you can still do it without using CSRF tokens or Laravel Passport or oAuth2, but if you want to build a secure way of allowing your clients/users to submit and channel data to your backend then yes, you should use Laravel Passport.
Laravel 5.3 has a slight challenge in terms of implementing Laravel Passport for APIs, and to help you with that I have already written a detailed setup and usage write-up here: Laravel's 5.3 passport and api routes.
Let me know if you need any help as I have been using oAuth2 and Laravel Passport recently in almost all of my projects.
I am developing a web app using Laravel, but I have to integrate the mobile application in the future. Now I want to add API Authentication passport. I am a little bit confused about how the Passport API handles a multi auth system from multiple user and permission systems. Currently, I am using Laravel default auth to handle users. Is there any library for Laravel multi auth using API Authentication passport?
The thing you have to understand about Passport is that it is nothing more than a Laravel wrapper of the oAuth2 framework, specifically this implementation: https://github.com/thephpleague/oauth2-server
As such, you must understand how the different oAuth2 grant types work. I recommend reading up on oAuth2 to familiarize yourself with the concepts (I personally found this site to be the most helpful for understanding the different grant types: http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/).
Specifically to your question, take a look at Password Grant Tokens (https://laravel.com/docs/5.6/passport#password-grant-tokens) for use in a mobile app. Once you have your token, Laravel handles all the Authentication behind the scenes and you can use Auth::user() as you would normally, assuming you have Passport set up and configured correctly; the user is tied to the token and is independent of any other token and any logged in user.
As for permission systems, Passport uses scopes (https://laravel.com/docs/5.6/passport#token-scopes) which is a handy way of limiting what routes your tokens have access to. Aside from that, permission management for the Auth::user() is the same as any other user using your application.
EDIT:
Passport scopes are used to lock down routes, so they can be used. However, Passport is only concerned with authentication (ie, is this user valid) and NOT with authorization (ie, what can this user do). How you authorize users to do different things is 100% independent of Passport and is up to your web app.
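The split described in the answer above (the token authenticates, a scope limits the token, the application authorizes the user), as an added example that is not part of the original answer. The `read-orders` scope, the routes, the `Order` model and its policy are hypothetical; the `scopes` middleware alias and `Passport::tokensCan()` registration are the ones described in the Passport 5.6 documentation linked above.

```php
<?php
// routes/api.php (added example; scope name, routes, Order model and policy are hypothetical)
//
// Assumed setup, per the Passport docs:
//   - 'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class
//     is registered in $routeMiddleware in app/Http/Kernel.php
//   - Passport::tokensCan(['read-orders' => 'Read orders']) is called
//     in AuthServiceProvider::boot()
//   - an OrderPolicy with a view() method is registered for App\Order

use App\Order;
use Illuminate\Http\Request;

// 1. Authentication only: any valid access token resolves to its user.
Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

// 2. Authentication + token scope: the token itself must carry 'read-orders'.
//    A token issued without that scope is rejected before the closure runs.
Route::middleware(['auth:api', 'scopes:read-orders'])
    ->get('/orders/{order}', function (Request $request, Order $order) {
        // 3. Authorization: the scope says what the token may do, not which
        //    orders this user may see. That decision belongs to the
        //    application's own policy, independent of Passport.
        if ($request->user()->cannot('view', $order)) {
            abort(403);
        }

        return $order;
    });

// The scope can also be checked inline on an authenticated request.
Route::middleware('auth:api')->get('/orders', function (Request $request) {
    if (! $request->user()->tokenCan('read-orders')) {
        abort(403);
    }

    return $request->user()->orders; // hypothetical relation on the User model
});
```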
We are currently developing a mobile application and a RESTful API in Laravel 5.6.
I have a question with regard to Laravel Passport, since I have seen some tutorials but I do not understand much what kind of authentication I should use for my RESTful API.
For now we are using "Password Grant Tokens".
Questions
Is it correct to use "Password Grant Tokens" for the authentication of a mobile application?
When Laravel Passport is installed it automatically generates 2 tokens. Is it correct to use only these 2 tokens for all the users of my application, or must I generate a token for each user?
I hope you can help me.
Regards
I'm using UserFrosting to manage users with PHP in my API, and I want to use the login function in the controller with the POST method.
When I call the login function, it returns this response:
The CSRF code was invalid or not provided.
I still cannot get the csrf_token.
Any idea?
There is a UserFrosting Sprinkle that implements JWT authentication: https://github.com/x00x70/tokeniser
Join us in chat if you have any questions about its use!
If you're developing an API (either for it to be consumed by a web platform or a mobile app) I believe it's better to have a different kind of authentication, namely, JWT authentication. In Laravel you have Passport to handle this authentication with ease.
I'm not sure how UserFrosting uses Laravel, but if the Laravel version is above 5.3 you can use it.
If it isn't, there's always the option of making a custom JWT authentication.
Here is the latest documentation for Passport https://laravel.com/docs/5.5/passport.
Our challenge is below for our latest project. With the advent of the Laravel Passport API we thought of giving it a try instead of using the old https://mattstauffer.co/blog/introducing-laravel-passport that I guess everybody was using prior to Laravel 5.3.
So our challenge is how to implement Laravel Passport for our mobile apps, since we need to register users through an API instead of the VUE login element provided in the latest Laravel.
Any help will be much appreciated.
The Laravel Passport API as of now doesn't support creating the user credentials other than using their VUE view component. So there is no way you can do that. So if that is very important for your business/project then I would advise sticking to Javascript for creating access/API tokens instead of using the standard Laravel Passport oAuth implementation.
The ideal diagnosis for such an issue is to implement your own logic for handling the creation of tokens and the oAuth user in the respective tables in Laravel.
I have an application written in Laravel 5.2. I need to split this app in two parts: app A is responsible for the authentication and app B is responsible for the rest of the app.
Can someone guide me to make it work while preserving data for policies?
This is a late answer. I solved my problem with an SSO server implementation for the users and use this to log in to the main Laravel app.
This is possible using the official Passport and Socialite packages.