Laravel-Authentication: Passport vs Sanctum - laravel

I am new to Laravel and for practicing I am trying to create a website like GoFundMe but simpler with Laravel and Vue js.
But am very confused with Laravel's authentication systems, even though I have read most of the questions here.
Which authentication system should I use ? is it ok to use Sanctum for authentication and then Spatie for user permissions?

You have to have a clear concept of the topic authentication & authorization first. You may use Laravel Sanctum powered by Laravel framework as well. Because it provides authentication support for SPAs (single-page applications), mobile applications, and simple, token-based APIs. You may also have a look at passport later.
After passing your authentication, the topic authorization comes. You may use Gate. But as you are new to Laravel framework, then it seems to be a good choice to use laravel spatie for managing your permissions. But keep in mind that, it uses Gate concept under the hood.

Related

Which Auth is usfull in Laravel / VueJS project?

I am planning a small project and have a question about authentication. I would like to implement the site with Laravel 8. However, as soon as the user has successfully logged in, he should be directed to the user dashboard. The User Dashboard should be a pure VueJS Single Page Application.
Now my question. Which auth should I use here? Session or token for the whole site or is both possible and useful?
If I use the token auth variant, for example, then I can protect the Vue app very well but I cannot access the user information outside the Vue app. For example, the current profile picture of the user should appear in the navbar and not only in the vue app but also on the landing page, contact page etc.
How can I do this and what will be the best practice and thanks for your help!
Use token based Authentication
(Laravel Passport)
Use Token-based authentication system.
In this way, you'll be able to manage the entire application UI and role checking in the frontend only. I would rather prefer to go with JWT [https://jwt-auth.readthedocs.io/en/develop/laravel-installation/]. It's easy to use and the documentation is pretty good. It's even supported by Lumen also. If you wish to integrate any micro-service in your application future, then it's available in Lumen micro-service also.

Many web/ios/android apps connecting to the same Laravel Passport authentification

I have a Laravel project with a passport api. I want my other websites to connect to this same authentification. In the future, even ios and android apps can authentify too. How can i set my other laravel projets to use this api oauth? Can i guard my pages with it?
Before doing anything i want to know if this is possible or if there is a better idea of doing this.
Short answer: Yes, this is possible!
Long answer:
Passport provides OAuth2 which is the very same authentication protocol used by Sign in with Facebook and sing in with GitHub etc.
So your app with Passport is the user provider and your other apps are consumers. In the case of the consumers any OAuth2 client will do the trick (as long as you can create a custom provider for your Passport "server" app).
Laravel got your back with that too with: https://laravel.com/docs/5.8/socialite. You can create a custom provider for your Passport "server" app.
TL;DR: Just like you would implement "Sign in with GitHub" (if you did that before) you can implement "Sign in with my Passport app" by writing your custom OAuth2 provider.
I cannot show much code since this will be highly specific but I do hope my story helps you find the correct packages/articles on how exactly to do this for your use case!

Information on laravel API

I need clear information about laravel API.
I've been reading lots of articles about laravel API. Beside choosing between JWT and laravel-passport—which is a whole different level of confusion—I need to get basic information about laravel API to make it clearer to me what's what.
Questions
Why does laravel passport need a database (what's the usage of those tables)?
If I change auth driver to passport in authProvider file, and not use api, would it affect my normal auth behavior?
If i use API (passport) do I have to use laravel-echo or any js library?
Laravel passport needs database to store tokens that are generated and used during authorization. Also, needs to bind these tokens to a specific users.
There are actually 5 new tables that are generated from migrations when installing Laravel Passport:
https://github.com/laravel/passport/tree/7.0/database/migrations
About using Laravel Echo or any js library is optional, and Laravel Passport does not require any of these.
See the Laravel Passport composer.json on requirements and other dependencies:
https://github.com/laravel/passport/blob/7.0/composer.json

Laravel default auth vs Token authentication

I start building a new app and wonder what will be the best way to implement auth - security wise.
What are the cons, pros, and differences between the Laravel make:auth and using jwt-auth.
Is Laravel's default auth will be enough?
This description is pragmatic approach so you can do something else if you want.
I think while developing an API you should use JWT based authentication mechanism.
The Json Web Token(JWT) tokens includes user information in itself. So it giving so much important benefit to manage session. First and most important of the benefits is you can be manage sessions without storing them at server. I would like to explaint it just to avoid misunderstanding, you can have store it at server but it's not necessary except a few scenario. These scenarios depend on how you could designed your authentication.
I able to do a lot of more explains about of it but in summary if you are developing an API I propose you would use JWT-Token.

Laravel 5.2 + Socialite + Update Status

Well, for quite some time now, i've been doing some research on which plugin to use in Laravel 5.2 for the purpose of authenticating users in my website via their social networks accounts.
I wanted to use Hybridauth, but it is not compatible with Laravel 5.2, it is compatible only with Laravel 4.2. So, i was thinking of using Socialite, but the thing is that i want to give my user the ability to post his social network status via my own website.
So, is there a way that i could give my user this ability using Socialite?
Laravel Socialite handles authentication only.
You can get an access token for the various social media APIs using socialite, but the package does not offer any methods for interacting with those APIs.
If you want your user to be able to post to social media accounts you will need to write the code to interact with those APIs for use a package which provides that functionality, but it is beyond the scope of Socialite.

Resources