I am making a backend CMS for my android and iOS app and have implemented the APIs. But I am struggling with securing them. I have tried using Laravel Passport but I failed to use it. I want to ask if my apporach to secure them is right? Should I use passport or is there some other way to secure my apis? And how do I do it? Any help will be appreciated.
I am using laravel 5.4.
Related
I am new to Laravel and for practicing I am trying to create a website like GoFundMe but simpler with Laravel and Vue js.
But am very confused with Laravel's authentication systems, even though I have read most of the questions here.
Which authentication system should I use ? is it ok to use Sanctum for authentication and then Spatie for user permissions?
You have to have a clear concept of the topic authentication & authorization first. You may use Laravel Sanctum powered by Laravel framework as well. Because it provides authentication support for SPAs (single-page applications), mobile applications, and simple, token-based APIs. You may also have a look at passport later.
After passing your authentication, the topic authorization comes. You may use Gate. But as you are new to Laravel framework, then it seems to be a good choice to use laravel spatie for managing your permissions. But keep in mind that, it uses Gate concept under the hood.
I am trying to build a restful api using Laravel-8. Already I have setup Laravel-Passport for api authentication. Now I want to do API versioning for the Laravel-8.
I've heard about Dingo being used with jwt-auth. But I am using laravel passport.
Which api versioning package can I use for the restful api with Laravel Passport auth?
Thanks.
You don't need a package for it. You just need to set-up your Laravel project correctly.
Take a look at:
https://medium.com/mestredev/versioning-your-rest-api-with-laravel-646bcc1f70a4
I have a Laravel project with a passport api. I want my other websites to connect to this same authentification. In the future, even ios and android apps can authentify too. How can i set my other laravel projets to use this api oauth? Can i guard my pages with it?
Before doing anything i want to know if this is possible or if there is a better idea of doing this.
Short answer: Yes, this is possible!
Long answer:
Passport provides OAuth2 which is the very same authentication protocol used by Sign in with Facebook and sing in with GitHub etc.
So your app with Passport is the user provider and your other apps are consumers. In the case of the consumers any OAuth2 client will do the trick (as long as you can create a custom provider for your Passport "server" app).
Laravel got your back with that too with: https://laravel.com/docs/5.8/socialite. You can create a custom provider for your Passport "server" app.
TL;DR: Just like you would implement "Sign in with GitHub" (if you did that before) you can implement "Sign in with my Passport app" by writing your custom OAuth2 provider.
I cannot show much code since this will be highly specific but I do hope my story helps you find the correct packages/articles on how exactly to do this for your use case!
Well, for quite some time now, i've been doing some research on which plugin to use in Laravel 5.2 for the purpose of authenticating users in my website via their social networks accounts.
I wanted to use Hybridauth, but it is not compatible with Laravel 5.2, it is compatible only with Laravel 4.2. So, i was thinking of using Socialite, but the thing is that i want to give my user the ability to post his social network status via my own website.
So, is there a way that i could give my user this ability using Socialite?
Laravel Socialite handles authentication only.
You can get an access token for the various social media APIs using socialite, but the package does not offer any methods for interacting with those APIs.
If you want your user to be able to post to social media accounts you will need to write the code to interact with those APIs for use a package which provides that functionality, but it is beyond the scope of Socialite.
We are building a firebase mobile app and need to put some payment (paypal) logic on a custom PHP backend (Laravel).
The question is what is the best solution to do authentication on the PHP side?
Currently we are thing in using API-Key library like https://github.com/chrisbjr/api-guard
Is there any better solution?