I am creating a new project which will use LDAP, web service and OAuth to authenticate users.
I will also have to use the role system.
With what technology could I create the project?
Laravel + Fortify, Laravel + JetStream or Laravel full custom
Thanks greetings.
I have tried to create it with laravel jetstream, but I have had to modify a lot of code in the laravel/jetstream project structure and it gets very messy.
The problem is that I have to work with a lot of LDAP, Web service and OAuth connections.
LDAP users will be authenticated by identification document, some of them with email.
It will be a mixed authentication system.
So the question is if I create the project using jetstream, fortify, or a fully customized project without using those templates.
If you want use ldpa auth you can use adldap2/adldap2-laravel package with standart laravel project
composer require adldap2/adldap2-laravel
In my case installed openldap,phpLDAPadmin tools also
Then change auth provider driver like this:
'providers' => [
'users' => [
'driver' => 'ldap',
'model' => App\Models\User::class,
],
],
Also ldap service creditionals in env file in my case:
LDAP_HOSTS="openldap"
LDAP_USERNAME=""
LDAP_PASSWORD=""
LDAP_BASE_DN=""
And other changes
I used this packages years ago with custom auth system but now I prefer use jetstream for that. You can use fortify for more control of frontend and auth funcionality if yours not standart authonticate system
Related
I have a website that uses SAML2 for authentication. I don't manage the SSO at all, rather my site is part of a portal that requires SSO authentication for entry. I currently have middleware that gets the SAML attributes from the request->server object, and then does a variety of tasks, like check to see if they have affiliations, if those affiliations are allowed, etc...
This middleware was added to the kernel so that it runs for every HTTP request. I want to revamp this middleware to make it cleaner, and to also use Laravel's native Auth facade (we're checking to see if a session variable for a user has been set to determine if the user has already logged in, versus auth->check(), for example).
I've read several tutorials on how to bypass the authentication that comes with the Laravel Breeze starter kit and make your own. None quite matches what I need to do, but the concepts are the same:
Create a model (using the User model that was already there, with a few tweaks)
Create a Service provider (created anew provider that implements the UserProvider interface)
Create a Guard (created a new guard that implements the Guard interface)
I can understand those three things and did them, but I am unsure of how to put it all together.
I updated my config/auth.php file to include the new guard and provider:
I then updated the boot method of App\Providers\AuthServiceProvider to include the provider and guard that I created:
But now what? I guess this is the part I am missing.
Can someone more knowledgeable help me fit in the missing pieces? I am using Laravel Framework 8.73.1.
Now you just need to protect your routes using the auth laravel middleware (assuming your guard and provider implementations are correct)
You have two options:
Replace the default guard. Open config/auth.php and look for the lines:
'defaults' => [
'guard' => 'web', // --> Replace with saml
'passwords' => 'users',
],
Now, add the auth middleware to your routes and you are good to go. You can use the Auth facade as described in the laravel documentation.
Keep the laravel one as the default, and use your guard separately. You just need to specificy which guard to use whenever you use the Auth facade or middleware.
The middleware you need to use is auth:saml, and the facade calls must be prefixed with guard('saml'). E.g. Auth::guard('saml')->user().
I wondering if it’s possible to use the SPA login(from Vue) using Laravel Sanctum to also authorise for Laravel Horizon?
I’ve done much googling and can’t find an answer to this. So far I’ve just had to make do with creating a custom middleware for Horizon that uses Auth.basic, which isn’t as user friendly as it would be to login via Sanctum and use the abilities to determine who can view Horizon dashboard.
Thank you.
According to this GitHub Issue Comment:
https://github.com/laravel/horizon/issues/65#issuecomment-412128134
Author: #francislavoie
So this is kinda hilarious. I found out that Horizon has an
undocumented feature to solve this.
https://github.com/laravel/horizon/blob/1.0/src/HorizonServiceProvider.php#L54
Horizon does try to grab its list of middlewares from config. This
isn't documented anywhere unfortunately.
You can simply add 'middleware' => ['web', 'auth'], to your
config/horizon.php.
So in my case, this became:
'middleware' => ['web','assign.guard:web','auth:sanctum'],
assign.guard is my own middleware because I have multiple auth guards going on.
I am doing a project in which I have implemented private chat in Laravel. But for the third party, we use OAuth but i have already used auth() in my project. Can I use both? OAuth is getting token, then communicate with Vue.js. So, I don't want to remove auth() functions in my project. Can you please guide me what to do?
Real time chat system in laravel project. I'm using separate Vue.js with Laravel.
Yes. You can use both OAuth and default Laravel Auth at the same time. In default, Laravel provides routes as web.php and api.php.
web.php: This route uses default Laravel Auth functionality
api.php: Routes defined here uses OAuth functionality
Make sure you use default driver as web in config/auth.php
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
Me and my friend are creating an application. I'm using Laravel 5.4 as the backend and he uses Angular2 as frontend.
The Laravel project serves as a rest API with JWTauth token authentication.
Now I would like to make a small backend dashboard in the Laravel project that is only accessible by admins.
How would I go about using different authentication (with session) instead of tokens when I just browse to the api backend part?
This is pretty straightforward. Just apply the JWT auth middleware to the API routes and the normal auth middleware to your admin dashboard. You don't even need to tweak anything since JWT doesn't need changes to your table structure or need for changing the existing auth.
Build the backend dashboard using the built int auth scaffolding using the auth and guest middleware. For the api routes use the standard api middleware along with the jwt.auth middleware if you're using the tymondesigns/jwt-auth package. There will be no conflict with these two.
Bro use separate guard like
$loginUser = Auth::guard('web')->loginUsingId(12,true);
I have a problem with adding middleware to existing routes of a vendor package. I building an API on top of Lumen (micro-services framework created by Laravel). I am using Passport for oauth authentication and imported this package: https://github.com/dusterio/lumen-passport to use Passport in Lumen. I have implemented a custom route for requesting a token and want to block requests to the existing passport route: /oauth/token. But I also need the route myself in order to redirect token requests from my custom route.
I have tried to override the existing route like this:
$app->post('/oauth/token', [
'middleware' => 'reject',
'uses' => '\Dusterio\LumenPassport\Http\Controllers\AccessTokenController#issueToken'
]);
But this throws a 500 back at me without Exception tracing.
I am using a custom route for requesting a token in order to set the set the token scope based on the role of a user. I am using the scope to check the role of a user (or app with other grant types), the normal token route of Passport should be blocked to everyone except Lumen self. With this only Lumen should be able to set the scope.
TLDR: How can I add middleware to package defined routes in Lumen.
The latest merge of https://github.com/dusterio/lumen-passport supports prefixing the passport routes.
I added "dusterio/lumen-passport": "dev-master", to my composer.json and Dusterio\LumenPassport\LumenPassport::routes($app, [ 'prefix' => 'api/v1/protected', 'middleware' => 'reject', ]); at the end of my bootstrap/app.php.
See this issue for additional information: https://github.com/dusterio/lumen-passport/issues/31