I am new to laravel and making a login with the Google module in Laravel using Postman. I've successfully generated a Google access token. But how to make the whole module of login with Google in Postman? and Can we use that access token in other modules?
I think it is not possible with Postman.
there are two things will be possible
You can configure your app with Google and send information to server (Database) through API.
or you can create a webpage and there you have to create a setup to login with google and save information in database and send success or failure in form of response
Related
I'm writing a non-SPA app that needs to use an internal API. The API is called via AJAX requests. This is to provide the user with suggestions as they are typing, so I don't want the page to be reloading. The user must be logged in to access the API. The API doesn't need to be called from any other origin.
I have successfully got it working using Sanctum and API tokens. When the user logs in, I generate a token and store it in the browser session, and then send it with the Bearer header. This seems to work but is it the right approach? Should I just using the built in or web auth? I've been reading the docs but have just been getting kind of confused with all of the options.
I am currently using a API to validate Login Credentials.
I have gotten to the point where I am sending username/password correctly.
This API will return a bolean, depending on if those credentials are correct.
Along with the entire user's information, including their address etc.
How can I correctly store this into Laravel Auth, so I can use Auth::user etc in blade?
I do NOT have Database access, only API access to validate user login details.
I cannot create a local - Laravel database, as this application has to be completely API based.
I am using Guzzle to query the API.
You should try using JWT for authentication, implementing your own API Authentication can cause some security issues if not done right.
Also JWT for Laravel already has support for Laravels Authentication system
While implementing ZOHO CRM with our website.
We found that there is a 3 steps authentication process to use the ZOHO CRM REST API.
We are entangled with the auth token generation process.
We have the following queries related to this
How to generate 'auth token' in Zoho projects via API mode.
I am able to generate Authtoken via 'Browser Mode' but stuck in generating auth token via API mode !! We are calling below URL mentioned in the documentation :
https://accounts.zoho.com/oauth/v2/auth?scope=ZohoCRM.users.ALL&client_id={client_id}&response_type=code&access_type={"offline"or"online"}&redirect_uri={redirect_uri}
We want this to be automated to generate the "code" without hitting the "Accept" button and not have to do a self-client to generate the code every day?
This is not a good solution to go.
Do I need to generate the code every day manually? Isn't there any API to generate the auth code?
Please help me out.
Visit https://api-console.zoho.com/
and Make a self-client here
using self client code you will get secret id & client id & auth code
Add scopes and Generate
Using this auth code you can use to create a refresh token(its valid until you cannot revoke it)
using Refresh token you can create an access token(valid 1 hr).
used postman to quick creation.
Don't use Browser mode. used self Client.
using self client code you will get secret id & client id & auth code
using this auth code you can use for to create a refresh token(its valid until you cannot revoke it)
using Refresh token you can create an access token(valid 1 hr).
used postman to quick creation.
I've created a web application that uses the built-in authentication method for the web, once the user is authenticated he/she is presented with a dashboard page. At this moment Ajax calls to an API need to be made to fetch data for the logged-in user. What would be the correct approach to this to make it is secure?
As a next step, I would like to be able to use the API "stand-alone" as well, so a 3rd party could access the dataset through the API as well.
Right now I am looking into Laravel Passport as well as Spatie Permission package to help me with access control.
If you are using ajax calls in same domain it won't be problem with built-in authentication to give access to authorized users only, because tokens & sessions are accessible for laravel and you can get authenticated users by default.
If you want to make external api as well the best approach will be to use Laravel Passport and pass token in Authorization header as usual.
Hope this helps you
I have a Laravel 5.5 Application that's using the session based auth out of the box. On some of these pages I have react components that need to get/post data from/to an API.
What is the best practice for handling this? Do I simply hide the API endpoints behind the auth? This would work but should I be using Laravel Passport for this instead?
I've had a play with Passport and it seems that this would work but I don't need users to be able to create clients and grant 3rd party applications permission etc. There is just the first party react app consuming the data from inside the laravel application (view).
From my initial experimenting with it, it seems I'd need to have the login call made first to receive an access token to then make further calls. As the user will already be authenticated in the session is there an easier way?
I'm not sure if Passport is intended to be used for this purpose or not. I'd rather take the time to get it right now as I'd like to get the foundations right now if the app scales.
You can proxy authentication with Passport. Using the password grant type users would still log in with their username/password, then behind the scenes make an internal request to Passport to obtain an access token.
Restrict what routes are available when registering in a service provider by passing in:
Passport::routes(function ($router) {
$router->forAccessTokens();
$router->forTransientTokens();
});
That limits access to personal tokens and refresh tokens only. A client will be created when you run php artisan passport:install.
Setup a middleware to merge the password grant client id and secret in with the request, then make a call to the authorization endpoint. Then it's just a matter of returning the encrypted token and observing the Authorization header for requests to your api.