I need to integrate 2 api with each other.Can i use laravel passport for this? My first api generate secret, second api use this token in every request ang getting user data by secret. I didn't find a solution for this in the laravel passport. Seem to be it only provides authorization via oauth2.
What you want to use is web tokens as opposed to oauth.
You need to use jwt for this:
https://jwt-auth.readthedocs.io/en/develop/laravel-installation/
Andrew Schmelyun on youtube shows you how to do this easily :
Securing a Laravel API in 20 minutes with JWTs
Update: Alternatively you can also use Laravel Sanctum for simple SPAs:
https://laravel.com/docs/8.x/sanctum
Related
i need help in laravel api i want to make api in laravel and i am making api in laravel using auth . means i make api using simple auth without and token .i am just doing simple login and then maintain auth for api and web both side . so what i have to do in this case . i am confuse in between auth and token(through jwt) based api which is better and secure. and which i have to work on.and for auth i am not generate any api token for dashboard apis.
I have a database of users that work with web login based on laravel sessions. Now I want to generate an api token for each of these users for an api login, how can I generate it? I have already migrated to the database for this new column but I need each user to have their api token.
I'd recomment you to use Laravel Passport. APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.
If You need session mechanism then You should use Laravel Passport.
But if You are building traditonal stateless REST Api then you can use API Authentication
I'm new to Laravel. I learnt, Passport allows to authenticate API using OAuth2. But I needed solution to use API-Key in Passport to authenticate.
Can anyone provide any resource and information how could I achieve solution?
I am going to build an SPA with Laravel and Vuejs.
Since this will be my first large application using this combination, I had some questions that I wanted to ask because I didn't find a clear answer:
1: Authentication. When searching on the internet I found a lot of topics about authenticating with a JWT token. What is the advantage of using such a token instead of normal authentication? If I authenticate in the "normal" way and check for auth()->check() in my application I have the same result no?
2: Routing. Since I will be using Vue-router, my application will have Vue and Laravel based routes. Does that mean that the Laravel routes are defined as API calls? And should they be in the API route group then? Or are they just normal routes that belong to the application?
JWT tokens have some advantages over traditional session base authentication. For example you don store session data on server and save server resources , jwt tokens are available in your request amoung multiple servers and so on...
For further reading check this article :
https://float-middle.com/json-web-tokens-jwt-vs-sessions/
2.Yes you should use laravel routes as restful apis
I am kind of confused about recognizing the discrepancy between Laravel Passport and tymondesigns/jwt-auth package. Do they actually serve the same purpose of API authentication via tokens?
As long as Laravel Passport was introduced in 5.3+, is one supposed to use Passport instead of tymondesigns/jwt-auth package in the latest versions?
The "tymondesigns/jwt-auth" is a PHP Laravel implementation of the JWT protocol. On the other hand, Passport also uses JWT by default plus a huge extra, a complete Oauth2 implementation. Regarding the functionality, as I said they both use JWT thus you can use whichever you like to authentication via tokens. They both do their job and you'll have a secure API tokens implementation.
The difference comes if you would like a lightweight API tokens implementation or the plus of the Oauth2 server to allow more and other apps to communicate with your app. One of the most common cases would be how some random apps ask Google or Facebook for your user information. If you implement the Oauth2 server your app would allow any other app with a proper token to ask for data from your app.
"[...] Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Passport is built on top of the League OAuth2 server that is maintained by Alex Bilbie." from https://laravel.com/docs/master/passport
For more details, I have made an explanation of Laravel Passport, JWT, Oauth2, and Auth0.
2021, Dec.
Laravel Passport does not sopport PHP 7.4. "psr/log" demands PHP 8. In case of PHP 7.4, use other solutions than Laravel Passport.