Well, for quite some time now, i've been doing some research on which plugin to use in Laravel 5.2 for the purpose of authenticating users in my website via their social networks accounts.
I wanted to use Hybridauth, but it is not compatible with Laravel 5.2, it is compatible only with Laravel 4.2. So, i was thinking of using Socialite, but the thing is that i want to give my user the ability to post his social network status via my own website.
So, is there a way that i could give my user this ability using Socialite?
Laravel Socialite handles authentication only.
You can get an access token for the various social media APIs using socialite, but the package does not offer any methods for interacting with those APIs.
If you want your user to be able to post to social media accounts you will need to write the code to interact with those APIs for use a package which provides that functionality, but it is beyond the scope of Socialite.
Related
I am new to Laravel and for practicing I am trying to create a website like GoFundMe but simpler with Laravel and Vue js.
But am very confused with Laravel's authentication systems, even though I have read most of the questions here.
Which authentication system should I use ? is it ok to use Sanctum for authentication and then Spatie for user permissions?
You have to have a clear concept of the topic authentication & authorization first. You may use Laravel Sanctum powered by Laravel framework as well. Because it provides authentication support for SPAs (single-page applications), mobile applications, and simple, token-based APIs. You may also have a look at passport later.
After passing your authentication, the topic authorization comes. You may use Gate. But as you are new to Laravel framework, then it seems to be a good choice to use laravel spatie for managing your permissions. But keep in mind that, it uses Gate concept under the hood.
I've previously implemented Laravel Passport for validating users of an API.
I'm currently looking to use Laravel Sanctum. This will not be for validating users but for validating machine to machine interactions (i.e. API to API).
I've read through the documentation here: https://laravel.com/docs/8.x/sanctum
The above documentation is focussed around generating tokens for users upon logging in. This application has no users and simply needs to generate API tokens for machine to machine authentication.
How would a token be generated without users?
For Machine, to Machine, you have to use Laravel Passport.
I am planning a small project and have a question about authentication. I would like to implement the site with Laravel 8. However, as soon as the user has successfully logged in, he should be directed to the user dashboard. The User Dashboard should be a pure VueJS Single Page Application.
Now my question. Which auth should I use here? Session or token for the whole site or is both possible and useful?
If I use the token auth variant, for example, then I can protect the Vue app very well but I cannot access the user information outside the Vue app. For example, the current profile picture of the user should appear in the navbar and not only in the vue app but also on the landing page, contact page etc.
How can I do this and what will be the best practice and thanks for your help!
Use token based Authentication
(Laravel Passport)
Use Token-based authentication system.
In this way, you'll be able to manage the entire application UI and role checking in the frontend only. I would rather prefer to go with JWT [https://jwt-auth.readthedocs.io/en/develop/laravel-installation/]. It's easy to use and the documentation is pretty good. It's even supported by Lumen also. If you wish to integrate any micro-service in your application future, then it's available in Lumen micro-service also.
I read https://laravel.com/docs/6.x/passport now and it is clear technically, but in which cases have I to use it to get
advantage comparing with laravel native auth or jwt/auth I worked before?
1) In config/auth.php 'guards' we set which auth driver would be used in the app
and it can be only 1 set. I mean we can not set passport and jwt/auth in 1 app?
2) Looks like passport can be used in case when we use blade page and form is submitted as we do in blade page as :
<form method="POST" action="{{ route('register') }}">
#csrf
I suppose there is no difference in blade forms definition using passport intead of native auth?
3) Also, passport can be used instead of jwt/auth in backend rest API and there is no difference in work of clients app
using this backend rest API ?
4) Is passport better/has some advantage in both cases or it is just one more replacement?
5) Please give some examples in which passport can be used / got advantage of using it may be in some other app types?
Thanks!
Laravel Passport is a Laravel package that allows you to integrate the OAUTH2 protocol into your application.
This means that when you want other services to retrieve user data from your application, or add data, they can request access for users. Users can give permissions for certain actions by clicking a button on the external site, logging in on their account on your Laravel site, and allowing access for the external service. Users are then redirected back to the other website, and after a few requests between the two servers, the external service now has the requested permissions to read or alter user data. This protocol is almost always used whenever you click "sign on with ..." since all large social media platforms have OAUTH2 integrations.
To answer your questions:
I believe this question: Laravel combine Passport authentication and normal authentication will answer your question.
Passport sits on top of default Laravel auth and needs this to authenticate requests. So users still have to have an account on your site to allow other websites to access your account.
There are big differences in how normal API auth works, and how Passport works. The biggest difference is that normal API auth should only be used for your site, not for external sites to fetch user data from your API. With OAUTH2, users can give certain permissions to websites, and using tokens, these external sites can perform certain actions on your site.
If you want to allow other sites to fetch account information from your site, you should implement Passport, if not, then using Passport has no large advantages.
Examples are things like Sign in with Google, or with Facebook, Twitter or GitHub, Even stackoverflow has an OAUTH2 implementation. Services can, for example, create new Facebook posts for a user, request all twitter posts from the last year or create a new issue in Github.
I'm developing a mobile app + SPA using Laravel as a web service. I'm not sure which grant flow will be good for this. I would avoid any third party login like facebook, google, etc. Id'like to handle user login simply with email and password. I want user to login only once on mobile app.
I had gone through some articles. I'm very confused. I found out 2 flows which might work here. 1st is implicit Grant & 2nd one is password grant.
If SPA is built inside your Laravel project you can handle user login simply with standard laravel authorization method.
For external use (mobile app or external SPA) you should authenticate users with API.
Laravel Passport mainly offers two way to handle this.
Personal Access Token
Fresh API Token
I suggest using the second one cause is the "Standard way" to consuming your web app with a nonsecure source.