I am developing a website in laravel 5.1. I need to write code which will communicate with some other system using API call. Other system is projected by oAuth. So I first need to authenticate my system using oAuth and then i can make the api.
I am not sure how i can achieve this in laravel. Any help on this is highly appreciated.
There are multiple ways you can achieve your goal.
Laravel Specific Method
There are many packages for handling oAuth Authentication.. e.g. OAuth Service Provider for Laravel 5 from github. You can search similar other packages and use them.
Guzzle
As you need to call the api anyway after the authentication, you need CURL or other packages to do the call. Here Guzzle can help you. Also you can use Guzzle to code your full oAuth Authentication.
Plain PHP Method
You can use OAuth class library to code the oAuth Authentication OR use CURL
Personally I've used Guzzle only to get the Code, Access Token, Refresh Token etc. I hope you'll manage to use Guzzle for this purpose.
You should take a look at laravel/socialite and its documentation here.
This library currently supports Facebook, Twitter, LinkedIn, Google, GitHub and Bitbucket, but it will be pretty easy to create your own custom provider. Just take a look at source code on github.
Other than this you could use some standalone OAuth library like league/oauth2-client. There is also library dedicated for first version of OAuth.
Related
I want to use the Immobilienscout Api but I'm struggeling to get the authentication done since it uses a three-legged OAuth. I can only find oauth1 and oauth2 packages on the web for laravel and there is only one deprecated php sdk from the developers out there. Does someone know how to connect to a 3-legged oauth api through laravel/php?
thanks in advance for your help!
I'm trying to implement Oauth2 server library into my fuelphp api. I've been following this tutorial and this one.
I understood and was able to complete the 2nd tutorial, but that doesn't deal with integrating OAuth into Fuelphp.
What I'm wondering, is how to integrate OAuth2 into my api, I just want to replicated a login? Has anyone any other tutorials on how to do this?
Where in my fuelphp directories do I put the Server/ token/ authorization code?
Thanks very much
FuelPHP uses OPauth under the hood and it's use is documented in the official Fuel docs
The server tokens, authorization codes, etc are stored in the opauth.php config file.
The documentation for accessing the Quickbooks Online API seems to revolve around creating applications for public use. I'm only interested in developing an app to access my very own Quickbooks file. However, I'm having difficulty authenticating.
I successfully obtain all the necessary codes and can run API calls in the API playground. My preference would be not to use any libraries (including the Quickbooks PHP library as it does not support JSON).
I have spent hours searching but I do not know how to 'sign' the various secrets and codes to obtain the Oauth token needed. Does anyone have working PHP code?
I'd like to simply be able to input in the values and make the API calls via curl.
I have spent hours searching but I do not know how to 'sign' the various secrets and codes to obtain the Oauth token needed.
You sign the code using OAuth. This is a well documented authentication method, with many implementations.
Does anyone have working PHP code?
Sure:
https://github.com/consolibyte/quickbooks-php/blob/master/QuickBooks/IPP/OAuth.php#L77
https://code.google.com/p/oauth-php/
https://php.net/manual/en/book.oauth.php
https://pecl.php.net/package/oauth
https://github.com/Lusitanian/PHPoAuthLib
My preference would be not to use any libraries
OAuth is not a trivial authentication method. You should use a library to sign your requests -- it will save you a lot of time vs. implementing your own OAuth signatures.
I am building my first rest API for an iOS app.
The framework I use for buidling the API is Laravel.
Everything works great so far but I am not sure on how to log users in using the API.
Could sessions work here? Im already using SSL/HTTPS but I dont wanna authenticate users on each
request, so whats the best way to only make them log in once?
Also, should oAuth work fine here?
If you have any examples on how to log users in on a Laravel built api please share.
Thanks in advance
With my experience, Laravel built in Authentication component is just be able to applied to normal authentication via form, session and cookie. To handled API authentication, I have used these methods, hope that one of them is suitable for you.
OAuth 2
With the help of lucadegasperi/oauth2-server-laravel, you can make your API secured via OAuth flows. More documentation can be found at the package wiki on Github or the PHP League Oauth2 home page. You can use filters to secure your API routes as follow:
Route::get('protected-resource', ['before' => 'oauth:scope1,scope2', function() {
// return the protected resource
}]);
However, OAuth need a database to save client credentials and some more settings, if your API is not so complicated, this solution may not suitable.
HTTP Authentication
This solution is more simple than OAuth and I recommend using it with an SSL (HTTPS) connection because the authentication information can be visible why using this. The packages I used before is Intervention/httpauth. You have two options with authentication method by using this package: basic (send a base64 encoded of the combination username:password via HTTP header) or digest (use MD5 algorithm to encode your information before sending via HTTP header). This solution does not required any database.
I have a main website (which contain all data) and multiple client websites which fetch data from the main website. Each client website has access to different set of data on main website. I want to create a PHP based web API for this. This is my first API so I am not sure what is the best and most secure way to do this.
After some googling I found OAuth to be the most common authentication method for APIs. however in my case I want the client website to be configured once and then the communication should be automatic, i.e. communication should take place in background without any user interference. Is OAuth required for this scenario?
Or is there any other method I can implement here?
oauth is way to complicated to implement for your needs.
If you are using rest, i suggest using a basic-auth in the header and using SSL so that your communication is encrypted.
You could make a small SecurityFilter that checks if for any request with a url pattern /api/ that the basic-auth is correct and that it use SSL...
It really depends on how you are exposing your API.
If you are using REST, HTTP Basic Auth over HTTPS is sufficient. I see a lot of people try to implement their own solutions when the provided approach is quite sufficient.
If you are using SOAP, there is a SOAP-based approach you could use: WS-Security (which is just a standard using anything from SAML assertions to OAuth tokens).
If passing Basic Auth credentials over HTTPS is too "open" for you, in that the credentials are saved in config on the client server somewhere, OAuth2 is probably the best solution. Doing OAuth on the server side wouldn't require any user interaction. You just store your tokens in a server config and let the OAuth library take care of the rest. PHP has a library for this PHP OAuth Library. There are plenty of OAuth2 libraries for PHP. Just Google it.
After some more googling and research I found answer to my question:
The scenario I explained is an example of 2-legged oauth (one can find many articles about 2-legged and 3-legged oauth)
Also, OAuth is not difficult to implement, infact for a developer with good knowledge of API and Auth system its very easy.
Here's a link of very good php OAuth library with example code http://code.google.com/p/oauth-php/