I'm integrating a 3rd party API in Laravel and it requires me to login to get the Authorization Token which expires after 60 minutes. How do I handle this scenario in Laravel?
You can Use this kind of some methodology
set database table in one field for api token
then set one job for check every one hour database in your api token exist or not
otherwise you can use Laravel Passport :
https://laravel.com/docs/6.x/passport
Related
I Just have my question why Laravel passport create a new token with each login or register process?
My database now ( just for testing)
notice with every registration process creating a new token, imagine if I have 100,000 users and every user has to assume 10 tokens, will this affect performance?
I'm new on Laravel passport
The tokens that Passport generates are meant to be long lived; Notice the expires_at column it shows about one year.
Passport is typically used by First party app like you own SPA/mobile app or by a third party Machine/API to get access to your app. This Oauth procedure (register/login) may occur only once per long time, for example a mobile app using your API: the users won't enter their credentials every time to open the app; instead the token is saved to mobile app storage and it's already long lived.
If you use your app like The Passport docs explains and suggests you won't end up with all these tokens.
Another thing you should consider running a scheduler to purge the tokens as the docs states:
# Purge revoked and expired tokens and auth codes...
php artisan passport:purge
# Only purge revoked tokens and auth codes...
php artisan passport:purge --revoked
# Only purge expired tokens and auth codes...
php artisan passport:purge --expired
Finally, Sanctum "previously Airlock" is here ✌🏻
I suggest you take a look at the docs and you will notice it's much simpler than Passport and probably what you need.
I have a database of users that work with web login based on laravel sessions. Now I want to generate an api token for each of these users for an api login, how can I generate it? I have already migrated to the database for this new column but I need each user to have their api token.
I'd recomment you to use Laravel Passport. APIs typically use tokens to authenticate users and do not maintain session state between requests. Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.
If You need session mechanism then You should use Laravel Passport.
But if You are building traditonal stateless REST Api then you can use API Authentication
I have Oauth2 authentication in Laravel with Passport.
I want my first party clients have different refresh token expiration time.
I used client credential so, how can I achieve this with best practices.
I'm creating a SPA app with Vue.js (will be stored on remote server) and I'm confused as to what I should use.
At first I considered the use of Passport, but I don't understand how to make an API with Passport for 1st party only. Also I don't understand, how to make it quite secure if I need to send to the server my client-secret and client-id.
Then I read more about JWT, but there's no scopes for my tokens and no refresh tokens. It means if somebody stole the token from localStorage, then he will get access to this user permanently.
And one more question about the token access and API. I read a lot about different token expiration when it depends on its importance. It means token for changing password must be valid for a period of 5 minutes, but token for reading some information should be valid for 6 months. Is it right and how to do this right?
About JWT or Passport - what should I use then?
If you access api directory from client(using angular/react/vue js..) I suggest you to use Passport. in the passport there is a option call Password Grant Tokens, so user have to enter user credential and it'll generate a token(you can adjust the lifetime of the token) and when it expire you can refresh it. And yes if someone stole your token they can access your data
Read this if you want to know more:
https://stackoverflow.com/a/34983109/801448
I have created a Laravel 5.4 App, which is a REST based API for serving out data about our inventory to customers.
I have implemented Passport based Authentication, and My customers create a 'Personal Access Tokens' and use that in their client requests. All of this is working fine.
I now need to meter the usage of the API to figure out which user, and which token (by Name) is making the request.
I am able to get the User by using $request->session();, but how do I get the name of the Token that is making the request?
Laravel passport searches for valid tokens in 2 locations:
the bearer token
a cookie
When boiled down, you could use this method to find the token you seek:
$token = $request->bearerToken() ?? $request->cookie(Passport::cookie());