Develop Reference

Best Approach for Laravel API Authentication [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 months ago.
Improve this question
So basically I understand REST API is basically stateless and we should not use session based authentication of API Routes. However, let's say if my application already has a session based authentication because it is a SPA. So I have a few questions.
How do we actually protect these api routes without using session, so that we can actually test these api routes on Postman etc ?
How can we achieve this without effecting the existing authentication system ?
Do we need to use Passport or Sanctum to achieve this?
Thank you.

If your SPA and API are on the same domain, you likely want Sanctum which uses sessions via cookies or tokens to manage authentication. Based on your question it seems like Sanctum would be the best fit for integrating with your existing authentication workflow.
If your SPA is not on the same domain as your API you’ll want to use either Fortify or Passport.
I would avoid Passport unless you require an OAuth workflow.

Either you can create a your custom authentication using JWT token in laravel to authenticate the API. For that you can use tymondesigns/jwt-auth a third-party jwt-auth library.

Vue SPA + laravel Passport: how to authenticate properly? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm trying to figure out what's the correct way to authenticate users with Passport for a Vue SPA. I can't figure out which grant type I should use considering that implicit grant is not recommended by IETF’s OAuth working group and the other methods require to pass the client_secret with the request, I'm a bit lost...
I was thinking password grant but I receive a refresh token and it’s not really secure to store it in the localstorage.
I also thought about the cookie injected by laravel passport in every request but I can’t find out how to login from my SPA with this approach...
Any lead on what’s the best / more secure way to do this ?
Thanks!

Authenticate user without username and password , but using a token in spring [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have an android client which doesn't implement any username and password login, it user OTP for login. So i have only firebase userID. How can i configure WebSecurityConfigurerAdapter to use this firebase userID to authenticate user and we don't have front-end website for logging in.

you need to configure spring security to use a custom autenticationProvider, and use firebase API to verify your tokens sent as a header of you request, have a look at this example HERE

How can I provide a custom client-authentication-scheme property for OAuth2 [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am writing a Springboot application that needs to authenticate users to an OAuth2 client provided by another group. The OAuth2 client provides two authentication schemes: form and sso. The application I am building needs to use the sso scheme because the application has no option to redirect the user to a login form.
Spring security contains an enum that provides the security.oauth2.client.client-authentication-scheme options that can be used, sso is not one provided so I need to be able to somehow extend this or provide a custom option.
Ultimately the application needs to generate a GET request that will take this form: https://iapi.mycompany.com/authentication-service/v2/authorize?response_type=code&client_id=myClientIdHere&redirect_uri=https:/myclient.mycompany.com/redirect&state=someStateString&login_method=sso
As far as I can tell it's really only the login_method=sso part which is the custom part that needs producing. Any ideas on how I can convince Spring security to do this for me?

Turns out the solution is to comment out the security.oauth2.client.client-authentication-scheme property in application.properties and to append ?login-method=sso to the security.oauth2.client.user-authorization-uri property.
Final property looks like this:
security.oauth2.client.user-authorization-uri=https://iapi.mycompany.com/authentication-service/v2/authorize?login_method=sso

What is the best method to encrypt password in codeigniter [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Can anyone help me out to find the best encryption method for codeigniter?

hi you can use md5 php function to encryt password string while login you have to check hash of string with hash saved in database there is one good post for password encryption you can read that
stackoverflow post
here are two good libraries for creating encrypted password
PHP Password library
PHPass
codeigniter auth library like tank auth using PHPass for encrypting password

I generally use SHA1 with some static salt concatenated to it.

In few months a new php password API will be available.
https://gist.github.com/3707231
Its greatest advantage is that it hugely simplifies existing hashing APIs while still maintaining a high level of security.

Use password_compat from github.
Implements the new PHP 5.5 password hasing logic but you can use it now for older PHP versions
Link: GITHUB PASSWORD_COMPAT