i need help in laravel api i want to make api in laravel and i am making api in laravel using auth . means i make api using simple auth without and token .i am just doing simple login and then maintain auth for api and web both side . so what i have to do in this case . i am confuse in between auth and token(through jwt) based api which is better and secure. and which i have to work on.and for auth i am not generate any api token for dashboard apis.
Related
I need to integrate 2 api with each other.Can i use laravel passport for this? My first api generate secret, second api use this token in every request ang getting user data by secret. I didn't find a solution for this in the laravel passport. Seem to be it only provides authorization via oauth2.
What you want to use is web tokens as opposed to oauth.
You need to use jwt for this:
https://jwt-auth.readthedocs.io/en/develop/laravel-installation/
Andrew Schmelyun on youtube shows you how to do this easily :
Securing a Laravel API in 20 minutes with JWTs
Update: Alternatively you can also use Laravel Sanctum for simple SPAs:
https://laravel.com/docs/8.x/sanctum
I have a database of users that work with web login based on laravel sessions. Now I want to generate an api token for each of these users for an api login, how can I generate it? I have already migrated to the database for this new column but I need each user to have their api token.
I'd recomment you to use Laravel Passport. APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.
If You need session mechanism then You should use Laravel Passport.
But if You are building traditonal stateless REST Api then you can use API Authentication
I'm doing some Android app that needs API and users.
I'm planning adding login (and register) button via Facebook.
I'm wondering: how should the flow of such an operation look like?
My idea:
Request the Facebook token in the app.
Send the token to the laravel backend by POST request (is this even secure approach?)
Get the Facebook user by Facebook token using socialite
Create / auth laravel user using Facebook user.
Return laravel's bearer token to the app (do I need passport to get the token or laravel has something built in?)
Is this the best approach?
I'm new to Laravel. I learnt, Passport allows to authenticate API using OAuth2. But I needed solution to use API-Key in Passport to authenticate.
Can anyone provide any resource and information how could I achieve solution?
Me and my friend are creating an application. I'm using Laravel 5.4 as the backend and he uses Angular2 as frontend.
The Laravel project serves as a rest API with JWTauth token authentication.
Now I would like to make a small backend dashboard in the Laravel project that is only accessible by admins.
How would I go about using different authentication (with session) instead of tokens when I just browse to the api backend part?
This is pretty straightforward. Just apply the JWT auth middleware to the API routes and the normal auth middleware to your admin dashboard. You don't even need to tweak anything since JWT doesn't need changes to your table structure or need for changing the existing auth.
Build the backend dashboard using the built int auth scaffolding using the auth and guest middleware. For the api routes use the standard api middleware along with the jwt.auth middleware if you're using the tymondesigns/jwt-auth package. There will be no conflict with these two.
Bro use separate guard like
$loginUser = Auth::guard('web')->loginUsingId(12,true);