I've previously implemented Laravel Passport for validating users of an API.
I'm currently looking to use Laravel Sanctum. This will not be for validating users but for validating machine to machine interactions (i.e. API to API).
I've read through the documentation here: https://laravel.com/docs/8.x/sanctum
The above documentation is focussed around generating tokens for users upon logging in. This application has no users and simply needs to generate API tokens for machine to machine authentication.
How would a token be generated without users?
For Machine, to Machine, you have to use Laravel Passport.
Related
I'm a newbie in web development. Currently, I've learnt laravel framework and be researching about passport and socialite. I'm being stuck that after logging in the application successfully by their Facebook account how users get the access token for subsequent requests.
This has been implemented using Laravel Socialite. You can follow each step to implement Laravel Socialite.
You will get the information on how to create Secret Key & Access Key for social login.
https://github.com/jd-patel/laravel-social-login
I implemented JWT on the first VPS. On this server, I have controllers in Laravel and a database where users are stored. Now I want to add JWT on the second VPS. But JWT should get users from the first server. It should be something similar to login with a google password on different services or devices.
How to implement JWT on every next VPS? Are there any best practices for this solution?
On the second VPS, the user should only type his email address and login without entering the password if he is logged on the first VPS.
The first VPS should have some API, and when the user type an email on the second VPS it should ask the first VPS if a user is logged?
Looks like you are talking about SSO.
I did make a SSO feature using laravel passport.
So, the idea is you have a central app that handles authentication.
Any application that to login is considered a client. So, they will verify themselves as a valid client then you may obtain a user token from the client.
You may have a study on oauth2, passport.
I read https://laravel.com/docs/6.x/passport now and it is clear technically, but in which cases have I to use it to get
advantage comparing with laravel native auth or jwt/auth I worked before?
1) In config/auth.php 'guards' we set which auth driver would be used in the app
and it can be only 1 set. I mean we can not set passport and jwt/auth in 1 app?
2) Looks like passport can be used in case when we use blade page and form is submitted as we do in blade page as :
<form method="POST" action="{{ route('register') }}">
#csrf
I suppose there is no difference in blade forms definition using passport intead of native auth?
3) Also, passport can be used instead of jwt/auth in backend rest API and there is no difference in work of clients app
using this backend rest API ?
4) Is passport better/has some advantage in both cases or it is just one more replacement?
5) Please give some examples in which passport can be used / got advantage of using it may be in some other app types?
Thanks!
Laravel Passport is a Laravel package that allows you to integrate the OAUTH2 protocol into your application.
This means that when you want other services to retrieve user data from your application, or add data, they can request access for users. Users can give permissions for certain actions by clicking a button on the external site, logging in on their account on your Laravel site, and allowing access for the external service. Users are then redirected back to the other website, and after a few requests between the two servers, the external service now has the requested permissions to read or alter user data. This protocol is almost always used whenever you click "sign on with ..." since all large social media platforms have OAUTH2 integrations.
To answer your questions:
I believe this question: Laravel combine Passport authentication and normal authentication will answer your question.
Passport sits on top of default Laravel auth and needs this to authenticate requests. So users still have to have an account on your site to allow other websites to access your account.
There are big differences in how normal API auth works, and how Passport works. The biggest difference is that normal API auth should only be used for your site, not for external sites to fetch user data from your API. With OAUTH2, users can give certain permissions to websites, and using tokens, these external sites can perform certain actions on your site.
If you want to allow other sites to fetch account information from your site, you should implement Passport, if not, then using Passport has no large advantages.
Examples are things like Sign in with Google, or with Facebook, Twitter or GitHub, Even stackoverflow has an OAUTH2 implementation. Services can, for example, create new Facebook posts for a user, request all twitter posts from the last year or create a new issue in Github.
I'm developing a mobile app + SPA using Laravel as a web service. I'm not sure which grant flow will be good for this. I would avoid any third party login like facebook, google, etc. Id'like to handle user login simply with email and password. I want user to login only once on mobile app.
I had gone through some articles. I'm very confused. I found out 2 flows which might work here. 1st is implicit Grant & 2nd one is password grant.
If SPA is built inside your Laravel project you can handle user login simply with standard laravel authorization method.
For external use (mobile app or external SPA) you should authenticate users with API.
Laravel Passport mainly offers two way to handle this.
Personal Access Token
Fresh API Token
I suggest using the second one cause is the "Standard way" to consuming your web app with a nonsecure source.
Well, for quite some time now, i've been doing some research on which plugin to use in Laravel 5.2 for the purpose of authenticating users in my website via their social networks accounts.
I wanted to use Hybridauth, but it is not compatible with Laravel 5.2, it is compatible only with Laravel 4.2. So, i was thinking of using Socialite, but the thing is that i want to give my user the ability to post his social network status via my own website.
So, is there a way that i could give my user this ability using Socialite?
Laravel Socialite handles authentication only.
You can get an access token for the various social media APIs using socialite, but the package does not offer any methods for interacting with those APIs.
If you want your user to be able to post to social media accounts you will need to write the code to interact with those APIs for use a package which provides that functionality, but it is beyond the scope of Socialite.