Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am new to Laravel and I noticed that it has an auth library but I would like to know what threats does it protect against. For example, does it use any technique to protect against brute force attacks?
Laravel Auth library/class only autheticate the user (or whatever you may authenticate) in your system and using it with the filters, you can garantee that the user only see what is permited for him to see. It does not really care in secure your system against attacks, for exemple. That's is on you!
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm trying to figure out what's the correct way to authenticate users with Passport for a Vue SPA. I can't figure out which grant type I should use considering that implicit grant is not recommended by IETF’s OAuth working group and the other methods require to pass the client_secret with the request, I'm a bit lost...
I was thinking password grant but I receive a refresh token and it’s not really secure to store it in the localstorage.
I also thought about the cookie injected by laravel passport in every request but I can’t find out how to login from my SPA with this approach...
Any lead on what’s the best / more secure way to do this ?
Thanks!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have an android client which doesn't implement any username and password login, it user OTP for login. So i have only firebase userID. How can i configure WebSecurityConfigurerAdapter to use this firebase userID to authenticate user and we don't have front-end website for logging in.
you need to configure spring security to use a custom autenticationProvider, and use firebase API to verify your tokens sent as a header of you request, have a look at this example HERE
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm new in laravel, I want to create basic Laravel API without login authentication to get the token. Is there a way to create a static API token that can access fron header?, any answer would be appreciated.
You should use Laravel Passport definitely.
Documentation of Passport and underlying Oauth2 Server, could be a way better.
But despite this fact, it is a way to go, for building real, good working API.
If you want to use password grant token only (which is the most used scenario) then this post might be helpful to you...
You can do it using Laravel Passport. Read the documentation here https://laravel.com/docs/5.6/passport
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am new to spring MVC . I want to show a register button in login page only if user is not registered
I don't know whether you stored registered user data somewhere or not, though I assume that you store it to database and try to give this answer, may this will help to you.
First of all pull out all registered user data list from database while login & check whether user login credential is present in this list or not. If present then don't show registered button otherwise show it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I'm developing eBay Sinatra application and need to authenticate an user by their login and password to give them the ability to request their information from eBay by themself. By authentication I mean authentication by redirection (or something like) to eBay and entering their login and password. It's similar to Facebook authentication.
I did a research but found almost zero.
Your suggestions?
Omniauth has a strategy for ebay authentication. I haven't used it but omniauth is a competent gem for handling different login strategies for various sites out there. Recently I have used omniauth with rails but a couple of months ago I did likewise with padrino so I think it should work nice with pure sinatra also.