We are building a Firebase mobile app and need to put some payment (PayPal) logic on a custom PHP backend (Laravel).
The question is what is the best solution to do authentication on the PHP side?
Currently we are thinking of using an API-Key library like https://github.com/chrisbjr/api-guard
Is there any better solution?
Related
I was handed over a project by my company, it was made in Laravel with Livewire and Nova. The company wants me to redo the app by consuming APIs written in Lumen.
The first thing that I want to ask is whether it's a good idea and secondly how to go about storing the JWT token in Laravel provided by the Lumen login API and use it in subsequent requests?
First question you need to ask is why do they want to rebuild something existing under Laravel to Lumen. Lumen is basically a lightweight version of Laravel. If the idea is to separate the frontends from the backend you could keep using Laravel, it can definitely be used to define APIs.
Regarding your second question, there are already some existing libraries (https://github.com/dusterio/lumen-passport) which can help you use Laravel Passport in Lumen, so you shouldn't have any issue and you should be able to use your token everywhere.
I am about to open source a React Native app which interacts with a Laravel backend in production.
However, the client_secret from Laravel Passport to generate auth tokens is saved in cleartext in the React Native repo.
What security should I be concerned about and are there best practices I should consider? Is it possible to import keys from .env into React Native project? Surely anyone who downloads the app would be able to get those keys anyway?
I have a Laravel project with a Passport API. I want my other websites to connect to this same authentication. In the future, even iOS and Android apps can authenticate too. How can I set my other Laravel projects to use this API OAuth? Can I guard my pages with it?
Before doing anything I want to know if this is possible or if there is a better idea of doing this.
Short answer: Yes, this is possible!
Long answer:
Passport provides OAuth2, which is the very same authentication protocol used by Sign in with Facebook, Sign in with GitHub, etc.
So your app with Passport is the user provider and your other apps are consumers. In the case of the consumers any OAuth2 client will do the trick (as long as you can create a custom provider for your Passport "server" app).
Laravel got your back with that too with: https://laravel.com/docs/5.8/socialite. You can create a custom provider for your Passport "server" app.
TL;DR: Just like you would implement "Sign in with GitHub" (if you did that before) you can implement "Sign in with my Passport app" by writing your custom OAuth2 provider.
I cannot show much code since this will be highly specific but I do hope my story helps you find the correct packages/articles on how exactly to do this for your use case!
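A sketch of the custom Socialite provider the answer above describes, added here as an example and not part of the original answer. The class name, the `services.passport` config key and the `/api/user` profile route are assumptions; `/oauth/authorize` and `/oauth/token` are Passport's default routes.

```php
<?php

namespace App\Socialite; // hypothetical namespace for this example

use Laravel\Socialite\Two\AbstractProvider;
use Laravel\Socialite\Two\ProviderInterface;
use Laravel\Socialite\Two\User;

class PassportProvider extends AbstractProvider implements ProviderInterface
{
    protected $scopeSeparator = ' ';

    // Base URL of the Passport "server" app (assumed key: services.passport.host).
    protected function host()
    {
        return rtrim(config('services.passport.host'), '/');
    }

    // Step 1: send the browser to the Passport app. Socialite adds a random
    // "state" value and checks it on the callback, which protects the login
    // flow against CSRF, so do not call stateless() for browser logins.
    protected function getAuthUrl($state)
    {
        return $this->buildAuthUrlFromBase($this->host().'/oauth/authorize', $state);
    }

    // Step 2: the consumer's server exchanges the code for a token. The
    // client_secret is sent only in this server-to-server request.
    protected function getTokenUrl()
    {
        return $this->host().'/oauth/token';
    }

    // Passport requires an explicit grant_type; older Socialite releases omit it.
    protected function getTokenFields($code)
    {
        return array_merge(parent::getTokenFields($code), [
            'grant_type' => 'authorization_code',
        ]);
    }

    // Step 3: fetch the signed-in user with the access token.
    // Assumes the server app exposes GET /api/user behind the auth:api guard.
    protected function getUserByToken($token)
    {
        $response = $this->getHttpClient()->get($this->host().'/api/user', [
            'headers' => [
                'Accept'        => 'application/json',
                'Authorization' => 'Bearer '.$token,
            ],
        ]);

        return json_decode((string) $response->getBody(), true);
    }

    protected function mapUserToObject(array $user)
    {
        return (new User)->setRaw($user)->map([
            'id'    => $user['id'],
            'name'  => $user['name'] ?? null,
            'email' => $user['email'] ?? null,
        ]);
    }
}
```

Register it in a service provider's `boot()` with `Socialite::extend('passport', ...)` returning `Socialite::buildProvider(PassportProvider::class, config('services.passport'))`, where the config array holds `client_id`, `client_secret` and `redirect` for the client created on the Passport app.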
I am making a backend CMS for my Android and iOS app and have implemented the APIs. But I am struggling with securing them. I have tried using Laravel Passport but I failed to use it. I want to ask if my approach to secure them is right? Should I use Passport or is there some other way to secure my APIs? And how do I do it? Any help will be appreciated.
I am using Laravel 5.4.
I am currently using Ionic Cloud to handle authentication and Facebook login for my app. What I am now doing is building a backend API with Lumen to do a few simple things that Ionic Cloud can't do. Is there a way to use the authentication I already have with Ionic Cloud to also authenticate my back end server? Or will I need to scrap Cloud and only implement authentication in Lumen. Ionic Cloud makes authentication very neat and easy, so it would be a shame to stop using it.