I have two laravel app and each has separate authentication (login), now what I want is when the user successfully login to my first laravel app (login laravel app) then the second laravel app (serve as the main app) will authenticate the current logged user (successfully login). It's some sort of a global authentication where I have single separate login laravel app to be used in login and once use has logged in to that laravel app then he can automatically logged to any other app that was bind to that login app. Any ideas, clues, suggestions, recommendations, help please?
Honestly, I know this may not sound helpful, but there are lots of different ways this could be done, so it largely comes down to what your requirements/constraints are.
Things to think about:
How are your sessions currently managed?
Does there need to be a seamless transition or is it acceptable to log out users when the new system is in place?
Do you have the time and resources to implement a future-proofed solution or are you looking for a quick fix?
Do you have a roadmap for future development that might influence your implementation now?
This list is by no means exhaustive!
The answer is hiding somewhere in those questions but it is difficult to propose a true solution without more information. Think through the problem and the solution should present itself.
Related
I'm quiet new to slim, but I want to give it a try. I have created an application, which uses twig as view rendering.
A user should authenticate against a database (via a login form), before access administration. I created a login form, but now I'm stuck.
I found some libraries and middleware, helping with basic HTTP Authentification, but that is not quiet what I want.
I simply could store a session var, after checking the users information with my database, but is this actually secure?
Some people using authentication libraries, like Zend/Authentification oder Session.
Also, there is the whole token based authentification, but I don't know, if I should use this, when not creating an REST application.
I just want to understand, what does mean "secure" in a slim3 application and how to handle a user login with all it's aspects, to create a secure backend experience. Are there any libraries I should use, to build a middleware around?
Thanks for clarification/help.
I've been building applications in Slim for a little over 1 years, and I went through the same problem at the beginning, my tip for you is, as slim is meant to be a simple framework, it has nothing as default, so you you need to build the security of your application;
I started by trying some authentication libs, but starting to build mine.
Basically what i used
First I used Basiauth, with CSRF
Then I set out to build OAuth 2 authentication, ensuring token access to resources, and access rules.
For this I used a very powerful library https://oauth2.thephpleague.com/
I'm planning on creating a multi-page web app using Laravel as a back-end REST API and a Vue.js front-end to consume this API.
To be clear up front, I'm not interested in code snippets of exactly how to set this up, unless some will help visualize the architecture.
What I would like to know is how this 'Split-Stack' can be deployed in a completely separated manner. I.E. neither stack shares a codebase, and are stored in completely independent repositories.
I'm not very familiar with JavaScript frameworks beyond jQuery, so I think my lack of understanding lies mainly in the Vue.js department. Some questions which stand out in particular are:
Can a Vue.js application be hosted by a web server to serve static HTML files, if so, which one is compatible?
Can both the front and back end services run on the same server, on different ports for example, and what would be any best practices for this?
And how is login authentication affected by running a web app in this way, and should I be looking into creating some kind of OAuth authentication between the front and back ends?
After reading many blog posts, it is obvious that this architecture is possible, but I'm struggling to find details on how exactly this is configured to be completely separate.
The tools and technologies don't necessarily matter here, but any specifics for Vue.js and Laravel are appreciated.
I have a VueJS Front-End set up with an ExpressJS Back-End, which is very similar to what you are talking about. And yes, it is entirely possible. So let's take a look at each of your questions individually.
Can a Vue.js application be hosted by a web server to serve static HTML files, if so, which one is compatible?
Yes, when you run VueJS, you can either build it as a static application or serve it as a NodeJS Application.
See the Deployment section of the Vue CLI 3 documentation here. It explains how the /dist directory is used to serve the VueJS Application in the manner you are intending to.
Can both the front and back end services run on the same server, on different ports for example, and what would be any best practices for this?
I recently posted an example of how to host both your Front-End and API on the same server here. (Includes Coding Examples and Explanation). This answer references ExpressJS as the API, but the principles are the same. Really, just have your Front-End listening on port 80 and have your API operating on a different, unused port (ie: 8081).
And how is login authentication affected by running a web app in this way, and should I be looking into creating some kind of OAuth authentication between the front and back ends?
I handle all authentication on the back end. Basically, in the Vue Router, you can set a secure parameter. Then declare a router.beforeEach((to,from,next) => {}); call towards the end. This call should then check to see if the user has a valid login token and redirect them to the applications login page after setting a cookie with the URL the user was asked to login from so that they can be sent back to it after logging in.
In our case, we have the user redirected to the VueJS Route /saml/login. The /saml/login component. This component makes a call to the API and returns the address the user should be redirected to to login. In our case, it is the API (which is running on the same server, but a different port [see answer above]), www.example.com:8081/api/v1/saml_login. This then works with the IDP and receives the token and user data. This is also where you would perform you ACS functions (provisioning the user, updating the login time or user data, etc.) After receiving the token, it is placed into a cookie or other placeholder so that it can be used to validate against the token stored in the Database when the user was validated initially. (It is a best practice to set expiration's on your tokens). The user is then redirected to the url stored in the cookie that lets us know where they were asked to sign in from so they can view their content without having to look for it again. (Happy to share code on this if you want)
I think using Firebase or Auth0 Authentication is one of the best ways to do this. Firebase or Auth0 will take care of all the authentication for you and allow your backend to verify the authenticity of your front end. So that makes it much easer to separate the two.
There is an admin SDK for connecting Laravel to Firebase and there are templates and existing authentication SDK's for Vue. There are a few articles which sort of describe it but I haven't seen anything that pieces it all together yet. I was able to figure it out from 2 or 3 different articles and it ended up being easier than I thought it would be.
slightly losing my mind here and I would really like some help to get me pointed in the right direction.
I'm using a shared Linux server on GoDaddy where I have two PHP websites with separate user logins authenticating with two separate MySQL databases. What I'd like is for a user to log into Site 1 and then be automatically logged into Site 2. And when they logout out of either site, they should be logged out of both sites.
I currently have SimpleSAMLphp installed and I'd really appreciate some guidance on how to setup the IdP and SPs. Am I right in thinking that the Site 1 and Site 2 are the SP's?
Any guidance would be greatly appreciated, this is my first ever SSO setup and I'm just a little lost.
To implement single sign on you need somthing common in both website to authenticate. Cookies won't help as there are two different site and it is not good to expose your cookies to a another website.
In general, SSO is implemented using a central serevr basically which handles the authentication data.
Basic steps are as follows:
For login, user is redirected to the common server and credentials get verified.
Central server sets the cookie for the login.
When your other website needs a login it checks the central server again using redirection.
Then, central server check the cookies and authenticates or redirect to login if not aythenticated before.
So, you can configure a central authentication server which check authentication and provide the appropriate response and both websites handle it accordingly.
But, Central server needs a common user database which in your case you clearly lack. So you can declare one of the websites as central or principle resource and expose APIs for other website which will expose its user base to verify the details.
Let one website handle the login process. If other needs authentication to be done it will redirect user to the main website and then handle the return response.
There is a lot to cover in theory but hope it would help.
Useful links:
Building and implementing a Single Sign-On solution
Basics of Single Sign on (SSO)
Can socialite authenticate from the CLI without the need to use curl? my purpose is to get data from angellist every two hours and store them in the database. so I thought I can have a scheduler to run every two hours. but I need to be authenticated and I don't want to use curl as socialite has many features already in place.
I love to hear your suggestions.
I recommend using Mozilla Persona for user authentication, that way you don't have to worry about which social login the user has/doesn't have.
It's probably easier to set up too, and you don't need an https certificate because the the authentication is happening elsewhere (like social auth).
Here's a link to the setup
Here's a link to the setup
Here's a php code example
I am using Yii framework, and have one Data Base for my web application,
and i have one data base for Mibew messenger (webim chat), so I have two different databases.
I have one log in page for administrator page, and chat messenger have it's own log in page,
what I want to do is when i log in with my administrator details (which are in Yii web app database) to be automatically log in Mibew messenger.
I use this messenger inside my application.
Any suggestion how can I fix this problem,
Sorry if my question confused you, I don't know how to ask it correctly :)
Thank you very much,
Cheers.
Only have one database containing the login details, and connect to that database with the other application just for the login details. Or build a login API for one of the applications to use.