I want to create a webapp using Laravel framework with a sort of custom authentication system.
I 've an external API like this
https://xxx.xxx.xxx.xx/subscribers/v1/?source=XXX&licenseplate=AB123AS
and to use this api i need to generate a token that after some period expires.
To generate this token i need to consume this service
https://xxx.xxx.xxx.xx/oauth/v2/accesstoken?grant_type=client_credentials
This Api tells me if the customer is covered or not and has as input parameters: source and license plate.
So my goal is to create a login form with these 2 parameters (source and license plate) input by customer that consume that API and only if it returns covered, customer can access a reserved area and do some stuff.
How can i do this in Laravel?
I have to create a new service provider, new user model and guard? How? :S or use in some way auth2.0 integration?
Thanks
Related
I have to implement OAuth for graphql API in Magento, I went through the documentation of Magento but I found that only we can authenticate by using username and password
https://devdocs.magento.com/guides/v2.4/graphql/authorization-tokens.html
https://devdocs.magento.com/guides/v2.4/graphql/mutations/generate-customer-token.html
We are creating a PWA application and web application is going to use it directly
Is there any other way to authenticate means any other authentication layer
Including this below to this very old question, if in case some others coming across this question.
Magento Graphql in the core implemented currently to handle more of frontend user request which will be in the form of either asking for some data that's either only to read or submit personal data (such as placing order with address)
There are modules available with the support of Graphql to handle E2E ERP sync (products & order fulfillment) , OOTB does not support everything that you might able to do with the use of oAuth Integration token + REST API.
You would want to determine the actual outcome or scope to decide on the authentication / authorization mode and then decide on the API layer medium. If in case of Integration token based approach is what decided for data / access security reasons then REST API will be easier option for the most of the OOTB functionalities.
I have API backend and it will be consumed by different consumers like our own company website and even other website can use our API with certain quota/limitation and for this scope management we will be using express-gateway(eg), however this is not the only reason I am using express-gateway(eg). Now coming to my problem/miss-understanding, for our own website we can create api-key and user credentials using eg command. But for the other user who wishes to use our api, I don’t want them to contact me for this integration, rather they should be able to create a user credentials and API key themselves using some facility (let us call it key management) provided by us. Here I am stuck how to give a web platform or any other mechanism where a user can create account and then create api-key for their own website. I was thinking to extend the express-gateway app itself and create page where a website owner can fill the form with various input field that will serve as parameter for eg command and I can trigger eg command in node console and create credentials and save it in redis database and then fetch those information to show it to user as their use rid and api-key. But I want to know the best way how others are doing, like how google, twitter and many more are allowing to create api-key, delete key and regenerate the api-key on compromise. Some suggestion would be to use third party tool to manage user-credentials, I will have little inertia to accept that, even if I do so how will I hook those third-party solution to my express-gateway.
In general, API gateways and authentication servers are independent, or at least loosely-coupled. The typical workflow is:
A user browses to the Create Account page for a service.
The user creates an account with the authentication server
The user makes a request through the API gateway
The API gateway checks with the authentication server whether the operation is allowed, discarding it if the user is not authorized to perform the requested action
The API gateway dispatches the request to the appropriate server
The receiving server checks whether the user is permitted to perform the action (in case the API gateway has been compromised)
Express Gateway includes its own authentication server for convenience, but the steps are basically the same. The difference is that one uses the Express Gateway Admin API to create the user and credentials rather than going to a different server.
Note that Express Gateway and its default account database (reddis) are not persistent out of the box.
As my app is designed using flutter and all my app endpoints are created using Springboot. So can call direct APIs using Feignclient in Springboot to create my own endpoint to list all the envelopes for one recipient?
Do we have any endpoint to get all the envelopes by using the recipient name or email id? for example XYZ user needs to sign in 2 envelopes then using XYZ can we be able to fetch those 2 envelopes?
Yes, you are very welcome to call the eSignature REST API directly and not use an SDK. Use API version 2.1. About half of the developers who use the API do so directly.
Updated: authentication
To call the eSign REST API, each of your API calls must include authentication via an access token. You can obtain an access token via an OAuth flow.
If your users have DocuSign user accounts, then they should login/authenticate via Implicit grant assuming that you're using Flutter for a mobile app.
If your users don't have DocuSign accounts (they are signers, not senders), then you need to have a backend server that can securely use the JWT grant flow to obtain an access token on behalf of a "system" account such as "finance#example.com"
If you have questions about authentication, please open a new question on StackOverflow.
https://developers.docusign.com/docs/esign-rest-api/reference/envelopes/envelopes/liststatuschanges/
This endpoint has lots of filtering options including:
email={email_address} Limit results to envelopes sent by the account user with this email address.
user_name must be given as well, and both email and user_name must refer to an existing account user.
user_name={user_name} Limit results to envelopes sent by the account user with this user name.
email must be given as well, and both email and user_name must refer to an existing account user.
I want to make a interface so that user can register and login themselves at citrus using PHP technology and use that wallet in their payment. Does citrus provide any API for this?
Yes, Citrus-Pay does provide APIs for Integrating with Wallet where you can define your own interface.
Alternatively, you may also use the standard UI provided by Citrus. If you want to go forward with APIs,
1) Get a signup token using the API mentioned in this link: https://developers.citruspay.com/documentation/wallettab/identity-profile/oauth-token-api/
2) Call Find Or Create User API as next step. This API will trigger an OTP to the customer's mobile number passed in the request.(A Citrus Wallet is uniquely identified by a mobile number)
API on dev guide: https://developers.citruspay.com/documentation/wallettab/identity-profile/find-or-create-a-wallet/
3) Now this OTP has to be entered in an appropriate API.Which API to be used is told in the response of find or create wallet API called in step 2. (Password-based login is also supported).
It could be sign in with MOTP API ( for an existing citrus wallet customer) or verify mobile and sign API ( for new wallet accounts just being created)enter link description here
4)You will get a full access token (prepaid_pay) in response.Pass this in header of all other APIs which you need to call on behalf of user.
5)For Eg: To make a payment using the customers existing wallet balance , use the following API : https://developers.citruspay.com/documentation/wallettab/pay-using-citrus-wallet/make-payment/
Hope this helps
I am building a mobile app in which the users need to be authenticated via TrueVault which is a HIPAA compliant data store. TrueVault offers a REST API and generate an access token post basic authentication. They have endpoints to check token validity etc too.
We need to do 2 things:
1) Authenticate all users via TrueVault and store the auto generated TrueVault id in Parse to facilitate data mapping.
2) Setup an interceptor in Parse which verifies the access token with TrueVault before serving any protected resource.
What would be the simplest and most efficient way to implement the above? I have gone through the tutorial to add Third Party oAuth to the mobile apps, but TrueVault does not have oAuth in place yet and thus needs authorization requests via Basic Auth only. Also, would we need Cloud Code for the above or Custom Web Hooks?
Thanks
Sameer
i would suggest you to use retrofit, Gson(or jackson) and rxjava(rxAndroid) in order to handle all api calls, i made a quick overview to the api documentation and this libraries should work for this problem.
links:
https://github.com/square/retrofit
https://code.google.com/p/google-gson/
https://github.com/ReactiveX/RxAndroid
Cheers.