1
votes

Currently I am using Laravel 5.7 and trying to build a login mechanism. My case is similar to "Custom user authentication base on the response of an API call".

In my case, I don't have my own database or user table locally. All I need is to call the API to validate by passing username, password, client id and client secret.

My request to the API in Postman:

POST Body
{
  "username": "tester",
  "password": "ps",
  "CLIENT_ID": "xx",
  "CLIENT_SECRET": "yy"
}

The response from the API for a success event in Postman. The user information is in this JWT token and can be read by decoding it.

{
    "token_type": "Bearer",
    "id_token": "eyJraWQiOiNGUvdFZC...",
    "access_token": "eyJraWQiOi....",
    "expire_in": 3600,
    "refresh_token": "eyJjdHkiOiJK..."
}

I wish to do something like this in LoginController and use Auth::**:

// At the top of the controller file:
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Redirect;

public function postSignIn(Request $request)
{
    $username = strtolower($request->username);
    $password = $request->password;

    if (Auth::attempt(['username' => $username, 'password' => $password])) {
        return Redirect::to('/dashboard')->with('success', 'Hi '. $username .'! You have been successfully logged in.');
    } else {
        // Use the injected $request instance; never flash the password back to the form
        return Redirect::to('/')->with('error', 'Username/Password Wrong')->withInput($request->except('password'))->with('username', $username);
    }
}

Question:

  1. How can I implement API authentication in Laravel? (using Guzzle, service provider, Authenticatable contract and Auth driver?)

  2. How to store the access token in session/cookie to attach in every request sent to API every time afterward?

  3. How to store the refresh token and use it to gain the access token after it is invalid?

I appreciate all the help or any example/guidance.

1
Hi, try using 'passport' -> laravel.com/docs/5.7/passport ... - Ehsan Keramat
@EhsanKeramat Hi, but I'm not implementing an API in this Laravel app; it's just a thin client web app. From my understanding, Passport is for API authentication and is built on top of an OAuth2 server. - JohnnyCc
Hi, look, if you want to use auth in your web, app, etc., you must have database access and auth controller code, so we use Laravel to reduce our code and use stable plugins for more security and performance. If you want to have auth in your app you must use plugins that were tested and used before, like "passport", or build your own!!! And to build your own, go read how to handle tokens, usernames, passwords, security, performance, etc., to set tokens in the database and compare/check the user value!!! (For example, go read how Passport handles it to build your own.) ... - Ehsan Keramat
@JohnnyCc Did you find a solution to this problem? I'm having the same issue. - MalcolmInTheCenter
I face a similar problem. The scenario is an API using C# that outputs JSON (bearer token, user data), with the front end using Laravel. And it looks difficult, building the front end using Laravel but authenticating based on the API response call. As @JohnnyCc said, Laravel does not implement the API (Passport) but acts as a front end. - Nurkartiko
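
For the flow described in the question (a token response carrying `id_token`, `access_token`, `expire_in` and `refresh_token`), the following is an added example, not part of the original thread, showing one way to keep the tokens server-side and refresh the access token shortly before it expires. The function names, the `$session` array standing in for Laravel's session, the 30-second skew and the `$refresh` callback (assumed to call the API and return a response of the same shape) are all assumptions; it needs PHP 7.4+.

```php
<?php
// Added example; $session stands in for Laravel's server-side session.
const REFRESH_SKEW = 30; // refresh this many seconds before expiry

// Decode a JWT payload (second segment: base64url-encoded JSON).
function jwt_claims(string $jwt): array
{
    $parts = explode('.', $jwt);
    // No signature check: acceptable only for a token received directly
    // from the API over TLS, never for one that came from the browser.
    $b64 = strtr($parts[1] ?? '', '-_', '+/');
    $json = base64_decode($b64 . str_repeat('=', (4 - strlen($b64) % 4) % 4), true);
    $claims = $json === false ? null : json_decode($json, true);
    if (count($parts) !== 3 || !is_array($claims)) {
        throw new InvalidArgumentException('malformed JWT');
    }
    return $claims;
}

// Save the token response server-side with an absolute expiry time.
function store_tokens(array &$session, array $resp, int $now): void
{
    $session['api_auth'] = [
        'access_token'  => $resp['access_token'],
        'refresh_token' => $resp['refresh_token'],
        'expires_at'    => $now + (int) $resp['expire_in'],
        'user'          => jwt_claims($resp['id_token']),
    ];
}

// Return a usable access token, calling $refresh(refresh_token) when stale.
function access_token(array &$session, callable $refresh, int $now): string
{
    if (!isset($session['api_auth'])) {
        throw new RuntimeException('not logged in');
    }
    if ($now >= $session['api_auth']['expires_at'] - REFRESH_SKEW) {
        store_tokens($session, $refresh($session['api_auth']['refresh_token']), $now);
    }
    return $session['api_auth']['access_token'];
}

// Constructed sample data (not real tokens): log in at t=1000, use at t=5000.
$b64u = fn(array $c) => rtrim(strtr(base64_encode(json_encode($c)), '+/', '-_'), '=');
$resp = fn(string $at) => ['expire_in' => 3600, 'access_token' => $at,
    'refresh_token' => "rt-$at", 'id_token' => 'h.' . $b64u(['sub' => 'tester']) . '.s'];
$session = [];
store_tokens($session, $resp('at-1'), 1000);
echo access_token($session, fn($rt) => $resp('at-2'), 5000), "\n"; // past expiry: refresh runs
```

Keeping the tokens in the server-side session means the browser only ever holds the session cookie, and the refresh token never leaves the Laravel app.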

1 Answer

0
votes

You don't have to do it yourself; there are a lot of plugins that can do the trick for you, like Laravel Passport. It is so simple to use; you have to take a look.