I'd like to know is it possible to extend the built-in authentication to use an external API to authenticate a user? I'm a Laravel newbie, so I'd appreciate your help.
I'm making a custom app in Laravel 5.2 for my client, but I don't a direct access to their database server and I can only call their API to get users' details.
Thanks.
If I understood correctly you want to log users from APIs like facebook, twitter or github for example ? If that's so you need to use a laravel package named Socialite, here is the link to download and use it :
https://github.com/laravel/socialite
run on your command this :
composer require laravel/socialite
Next you need to tell laravel you want to use this package, so you need to add this in config/app.php :
'providers' => [
// Other service providers...
Laravel\Socialite\SocialiteServiceProvider::class,
],
and this is the aliases :
'Socialite' => Laravel\Socialite\Facades\Socialite::class,
Basically, you'll need to create an app on the developers site, i'll take facebook for this example.You need to go to this site :
https://developers.facebook.com/, create an account and you'll get your app url and secret key. You'll use it on your .env and config/services files.
In your config/services file add this after stripe :
'facebook' => [
'client_id' => env('FACEBOOK_ID'),
'client_secret' => env('FACEBOOK_SECRET'),
'redirect' => env('FACEBOOK_URL'),
],
And in your .env file :
FACEBOOK_ID=*your facebook id*
FACEBOOK_SECRET=*your facebook secret*
FACEBOOK_URL=http://yourwebsite.com/callback
Next you'll need a controller to handle the auth process, create something like SocialAuthController and put this in :
public function redirect()
{
return Socialite::driver('facebook')->redirect();
}
public function callback() {
$user = $this->findOrCreateFbUser(Socialite::driver('facebook')->user());
session([
'user' => $user
]);
return redirect()->route('/');
}
public function logout() {
session()->forget('user');
return redirect()->route('home');
}
protected function findOrCreateFbUser($fbUser) {
// the data you want to get from facebook
$fbData = [
'facebook_id' => $fbUser->id,
'avatar' => $fbUser->avatar,
'username' => $fbUser->name,
'email' => $fbUser->email,
];
$user = \App\User::where('facebook_id', $fbData['facebook_id'])->first();
if(!$user) $user = \App\User::create($fbData);
$user->update([
'avatar' => $fbUser->avatar,
'username' => $fbUser->name,
'email' => $fbUser->email
]);
return $user;
}
Of course you need to add a facebook_id field in your user database and model.
In User.php :
protected $fillable = [
'facebook_id',
'username',
'email',
'avatar'
];
I know this solution isn't really dynamic as it is for only one api, i'm still pretty new at Laravel too and this is my first answer to a stackoverflowquestion, but this did the trick for me :) If I forgot something don't hesitate to tell me so i can update this answer..
I also suggest you follow Jeffrey Way's tutorial on social auth on the Laracasts website, it's very instructive and clear, i could manage it thanks to him !
Related
We have the need to login user ONLY via OpenId (exactly Microsoft Azure AD OpenId Connect).
We understand how to use Socialite but we would like to integrate with Backpack For Laravel, because app is 90% base cruds and because we already have a paid licence.
How to integrate socialite with backpack for laravel?
Also ... we should integrate it with laravel-permissions that it's very easy to integrate with backpack for laravel
If you need socialite, I recommend not using the Backpack authentication at all. Just disable everything related to authentication in your config/backpack/base.php file (the routes mainly), code your own controller logic with socialite and plug in your own auth middleware and guard within that same config file, so that Backpack uses your auth instead of the default one.
It will be easier to code and maintain your own logic, rather than mangling the default auth to work the way you want it.
This is actually a working solution
config\backpack\base.php
'guard' => null,
.env
AZURE_CLIENT_ID=0e8b592f-asaaaasd4eac-a368-d0d52dbc14e0
AZURE_CLIENT_SECRET=b2r5442
AZURE_REDIRECT_URI=/sso/callback
config\services.php
// See https://socialiteproviders.com/Microsoft-Azure/#installation-basic-usage
'azure' => [
'client_id' => env('AZURE_CLIENT_ID'),
'client_secret' => env('AZURE_CLIENT_SECRET'),
'redirect' => env('AZURE_REDIRECT_URI')
],
Packages installed:
"laravel/socialite": "^5.2",
"lcobucci/jwt": "^4.1",
"socialiteproviders/microsoft-azure": "^4.2",
routes\web.php
Route::get('/login', [\App\Http\Controllers\AuthController::class, 'login'])->name('login');
Route::get('/sso/callback', [\App\Http\Controllers\AuthController::class, 'ssoCallback']);
app/Http/Controllers/AuthController.php
use Laravel\Socialite\Facades\Socialite;
use Lcobucci\JWT\Configuration;
....
public function login()
{
return Socialite::driver('azure')->scopes(['openid'])->redirect();
}
public function logout(Request $request)
{
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect("https://login.microsoftonline.com/common/oauth2/v2.0/logout");
}
public function ssoCallback()
{
try {
$user = Socialite::driver('azure')->user();
}
catch (\Laravel\Socialite\Two\InvalidStateException $e) {
return redirect(route('login'));
}
catch (\GuzzleHttp\Exception\ClientException $e) {
return redirect(route('login'));
}
// Read the claims from token JWT using Lcobucci\JWT package
$configuration = Configuration::forUnsecuredSigner();
$token = $configuration->parser()->parse( $user->accessTokenResponseBody["id_token"] );
$claims = $token->claims()
// This is an example, it depends by your jwt
$full_name = $user->name;
$email = $user->email;
$app_user = User::firstOrCreate([
'name' => $full_name,
'email' => $email,
]);
auth()->login($app_user);
}
User doesn't stay logged in when I use setIdentity.
$user = $this->Users->get(1);
$this->Authentication->setIdentity($user);
$userInfo = $this->Authentication->getIdentity(); // Returns good.
$this->redirect('Somewhere');
Somewhere:
$userInfo = $this->Authentication->getIdentity(); // Returns null.
I am not using form. There is no POST happening only dynamically setting user based on some algo...
Application.php
public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
{
$service = new AuthenticationService([
'unauthenticatedRedirect' => '/login',
'queryParam' => 'redirect',
]);
/* $fields = [
'username' => 'username',
'password' => 'password'
];
$service->loadIdentifier('Authentication.Password', compact('fields')); */
// Load the authenticators, you want session first
$service->loadAuthenticator('Authentication.Session');
return $service;
}
You are setting the principal information on the Authentication but you loose it on the next request because it's not persisted (I'm sparing you the "http is stateless" song...)
Part of your setIdentity should also be persisting the identity. This can be achieved in different ways:
in the session, when using sessions
in a JWT token, when using tokens
Here is how AuthenticationService does it in persistIdentity. I suggest you also have a look at the JWT auth configuration.
I’ve two Laravel based projects and I want to login with API which the first project provides and use this authentication in the second project.
in the LoginController in second project:
public function login(Request $request)
{
$login_response = Http::post('{first_project_login_api}', [
'data' => [
"email" => $request->input('email'),
"password" => $request->input('password')
]
]);
if ($this->attemptLogin($login_response)) {
return $this->sendLoginResponse($request);
}
}
protected function attemptLogin(Response $response)
{
return $response->object()->status === 200;
}
In the second project, I don't need to database because I want to authentication in the first project but does not seems to be possible!
actually I need to know how to overwrite attemptLogin() function in LoginController.
It would be highly appreciated if anyone can advise me!😊
Instead of using login between application, i would use API keys. The easiest way to get started is to use simple API Authentication.
First create migrations for the user table.
Schema::table('users', function ($table) {
$table->string('api_token', 80)->after('password')
->unique()
->nullable()
->default(null);
});
To get keys, set them on the user either in Tinker, command or creation.
$user->api_token = Str::random(60);
$user->save();
Protect your API routes with a middleware.
Route::middleware('auth:api')->group(function() {
// your routes
});
Calling your api is as simply as.
response = $client->request('POST', $yourRoute, [
'headers' => [
'Authorization' => 'Bearer ' . $yourToken,
'Accept' => 'application/json',
],
]);
This is a fairly basic setup, for production or moving forward you should look into Sanctum or Passport. This is just a good start, from where i feel you are based on your question.
Integrating Firebase in "RESTFUL API" for the first time. The data had to sync into two databases i.e. MySQL and Firebase but the data didn't sync in Firebase.
Installation of firebase sync trait
composer require mpociot/laravel-firebase-sync
The configuration code to integrate Firebase into my API :-
'firebase' => [
'api_key' => 'AIzaSyCbOasfdsfdsfds',
'auth_domain' => 'restasdsaful-asdfs.firebaseapp.com',
'projectId' => 'restful-23aasdfsf60',
'messagingSenderId' => '8445794551330',
'database_url' => 'https://restful-sdfsdf23a60.firebaseio.com',
'secret' => 'mZ93YRkZ9ZErQvvtJyFKmRopsdfcwUEE5ImoMW89hWB',
'storage_bucket' => 'restfulas-23a60asda.appspot.com',
],
Note: for security reason I have changed values of configuration attributes.
Path where Firebase had been configured. config/services.php
The process that I applied for Syncronizing the Model.
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
use Mpociot\Firebase\SyncsWithFirebase;
class Demo extends Model
{
use SyncsWithFirebase;
protected $fillable = ['task','is_done'];
protected $visible = ['id', 'task', 'is_done'];
}
Please suggest a solution if there's any error in my code or any alternatives for this kind of problem. Thanks in Advance!!.
You can do like this:
use Firebase\Firebase;
class FirebaseController extends Controller
{
public function storeTask(Request $request){
$FIREBASE_URL = 'your_url_key;
$FIREBASE_SECRET = 'your_firebase_secret_key';
$fb = Firebase::initialize($FIREBASE_URL, $FIREBASE_SECRET);
$fb = new Firebase([ 'base_url' => $FIREBASE_URL, 'token' => $FIREBASE_SECRET,]);
$nodeSetContent = $fb->push('msg', $request->all());
return response()->json(['data'=>$nodeSetContent]);
}
}
you can take reference from this link (https://github.com/eelkevdbos/firebase-php)
I know how the basic auth works for sign up/login on Laravel. However, I want to learn setting up how to do user sign up (for Password Grant). I set up Passport (2.0) - Passport Grant, and I can get token; however I couldn't find anything for user signup. Then I found a topic here explaining that I should call the oauth/token internally, but also couldn't figure out how to achieve it exactly.
So what I thought is creating a signup() method in a controller and handle user registration on my own, but then how would I pass necessary data to oauth/token route? Because what Laravel uses for $request is Request $request but what Passport uses is ServerRequestInterface $request and when I vardump the $request on oauth/token's issueToken method, it's totally different Request $request.
// Setup new method
public function signup(Request $request) {
// do validations
// create user
User::create([
'email' => $request->username,
'password' => bcrypt($request->password),
]);
$client = \Laravel\Passport\Client::where('password_client', 1)->first();
$oauthData = [
'grant_type' => 'password',
'client_id' => $client->id,
'client_secret' => $client->secret,
'username' => $request->email,
'password' => $request->password,
'scope' => null
]
// Here, I got confused how to pass this `oauthData` to `issueToken()` route
// and it takes it as `ServerRequestInterface $request`
}
Someone did it likes this here, but no idea how I should exactly implement this approach. Because my /oauth/token route's post method issueToken() is like this:
public function issueToken(ServerRequestInterface $request)
{
return $this->withErrorHandling(function () use ($request) {
return $this->server->respondToAccessTokenRequest($request, new Psr7Response);
});
}
I am very confused and couldn't figure out how to overcome this. What is the right way of handling such scenario where I need to signup users through api?