I am developing a store.
For some routes that are public, I need to get the user's information if the user has entered the site. I use Laravel Passport. I use Middleware for private routes, but for this route, I need people to access it without entering the site.
Related
I am trying to use a API which has a postable address where you can verify if a customer's username/password is correct, if so it returns a user ID.
What would be the best way of handling this, I need to query that postable API from the login form on my Laravel website to see whether or not a username / password is validated.
How can I use Laravel's Middleware to store a USER ID and session securely?
How can I create a Laravel session to allow someone to login to my Laravel site using their WHMCS client login?
The API I am using is https://developers.whmcs.com/api-reference/validatelogin/
I am newbie with laravel.
I understand that in order to protect routes, you have to first check if a user is authenticated and a session is made. thus, we apply auth middleware in the web routes.
However, I am trying to implement laravel passport and now I am not able to proceed to my routes anymore since I have been authenticated using the passport.
My question is that is it possible to secure the web routes with passport token instead of laravel session? and if so, how one should do it?
Thanks, sorry for english, not native speaker.
Laravel passport is for API routes not for web routes you can use laravel session for web
for more details read it's documentation
https://laravel.com/docs/8.x/passport
I'm a newbie in Laravel. Can someone explain what is the difference from web, auth, and guest middleware in Laravel 5.8?
auth middleware allows only for authenticated users to access the routes and your logic behind it. For example, only auth users can create questions and give answers.
guest middleware can only be accessed by unauthenticated users. For example, login and register page.
And web middleware is a group of middleware that you commonly use in your application. Such as cookie encryption, csrf token verification, and etc.
So I'm creating a laravel app where part of the front end lives on a cold fusion site and the people interacting with my API are not "users", just people signing up for seminars/consultations. My question is I've been able to grant tokens using the grant_type client credentials and in the web.php file with ->middleware('client') attached to the route (or a route group for multiple routes) it works just fine. However I've been told to move them into my api.php file and everything. I cannot seem to get it to work. In postman all I get for a response is to be brought back to the login page because I am not a logged in user. Any ideas?
in api file every middleware that wants to check credential use authorizing it means you should use laravel passport for
I have a route that is used by another application and by users, it needs to be secured.
I would like to restrict access to only the Authenticated Users OR Authenticated Application Clients.
Is there a way to allow both types of access? Or should I create a separate endpoint for both, with the users using a route with 'auth' middleware and the clients using a route with 'client' middleware?