Secure API middleware when user signs up with community

Question

Secure API middleware when user signs up with community

I would like my users to subscribe to my laravel based app using facebook or similar via socialite.

My users are using a mobile app on their smartphones that access my app's API. These API routes are currently protected through the middle auth.basic backup

Route::group(['prefix' => 'api/v1', 'middleware' => 'auth.basic'], function()
{
    // ...
});

The app communicates with the api using basic secure urls.

https://user:pass@myapp.com/api/v1/item/1

Now how can I let my users access my secured api routes when they sign up through socialite? Is there a package or predefined environment? Also, what do the urls look like? Is it even possible to allow API calls with both, as usual, logged in users and those logged in via socialite at the same time?

+3

security api laravel laravel-5 laravel-socialite

nozzleman Apr 30 15 at 10:16

source to share

1 answer

Margus Pala · Answer 1 · 2015-04-30T11:25:14+0000

I see the 2 best options here.

It is easiest to use a simple intermediate intermediate link in conjunction with entering the API first before any other API calls

Second, you can create your own middleware and include the token in your API call that authenticates the user. An example of such a call after logging and getting the token is below. Middleware gets url parameter and checks if it is correct.

https://myapp.com/api/v1/item/1?token=123456

Secure API middleware when user signs up with community

More articles: