I'm using Laravel 7.3 as backend (admin panel) and API, and I have a multiple Nuxt websites authenticating with Laravel Passport. So I have the default User model for admin panel users and other user models, one for each Nuxt website. But Laravel Passport seems to be only working with the default User model.
How should I authenticate the users of the different Nuxt websites in such configuration ?
There are 4 functions that exist on the Passport Facade:
Passport::useClientModel(Client::class);
Passport::useTokenModel(TokenModel::class);
Passport::useAuthCodeModel(AuthCode::class);
Passport::usePersonalAccessClientModel(PersonalAccessClient::class);
You need to implement logic that ties your frontend model relationship to your backend, and instantiate the correct model for the given passport methods inside of a service provider.
Related
I have two table users and role and I need to log in using Laravel fortify only if user role is admin or showing error. I tried to do that using middelware, but i need to add the condition: If the user is not admin, he cannot log in.
You can read at laravel docs:
https://laravel.com/docs/8.x/fortify#laravel-fortify-and-laravel-sanctum
Some developers become confused regarding the difference between Laravel Sanctum and Laravel Fortify
And:
If you are attempting to manually build the authentication layer for an
application that offers an API or serves as the backend for a single-page
application, it is entirely possible that you will utilize both Laravel Fortify
(for user registration, password reset, etc.) and Laravel Sanctum (API token
management, session authentication).
Then you want to check role of user, you should use Laravel Sanctum
I have two separate projects. One is Laravel for RESTful API and the other is Vue SPA.
If the frontend is also handled by Laravel, then handling role and permissions is easy since we can use the can() and hasRole() method Spatie Permission provided.
However, we can't access this value in Vue SPA directly from the backend.
Is there any way I can control the permission in Vue SPA?
Thanks
Yes, you can send to the client, after a successful login, the user' data plus his roles and permissions, and create a Vue component named Can, for example, that only show something if the user has the role or permission to do so.
<can permission="post.delete">
<v-btn>Delete record</v-btn>
<can>
The Can component access the user data (which includes his roles and permissions) and check if the user has the ability to see the underlying content.
I have an app installed on many sites. There are two parts to the app: a dashboard for admins and a front end for visitors.
The admin dashboard consumes my Laravel API flawlessly when a user is authenticated via the Laravel Passport auth API. I need the front end app to communicate with the Laravel API anytime a visitor (non-admin/not logged in) loads the front end.
The problem is authenticating the front end API request to only allow interaction with the correct organization's records.
How do I get Laravel Passport to create an API key based on a logged in user, return it to the admin, and authenticate some requests using this API key?
Using Angular 9 for the admin and front end apps, Laravel 7 for the API
I ended up switching to Laravel Sanctum for this project because it is more suited for this kind of project.
I am new in laravel. I have installed laravel 5.4. I have installed laravel inbuild auth. but I want to create own login & registration with two user type . one is customer and another is for admin with different functionalities for two user types. using custom controller,model route without using auth.
In my laravel project, I want some admin and user role. I want to make user login in different routes after login. And also for admin also. How should I do it?
You should first make 3 table in your database; user, role and user_role. user_role table has many to many relationship. Then you will make a middleware that checks your role checks when login. In your route, you use that middleware in login's post.
See details about middle ware in laravel 5.3 documentation.
https://www.laravel.com/docs/5.3/middleware
You can try laravel 5.3 boilerplate. It comes with a full featured access control system out of the box with an easy to learn API and is built on a Twitter Bootstrap foundation with a front and backend architecture.