
Gonzalo Ayuso:
Authenticate OpenUI5 applications and Lumen backends with Amazon Cognito and JWT
Dec 11, 2017 @ 10:26:21

On his site today Gonzalo Ayuso has a tutorial posted showing how to create authentication in OpenUI5 applications with the help of Lumen, Amazon Cognito and JWTs.

Today I want to create a UI5/OpenUI5 boilerplate that plays with Lumen backends. Simple, isn’t it? We only need to create a Lumen API server and connect our OpenUI5 application with this API server. But today I also want to create a Login. The typical user/password input form. I don’t want to build it from scratch (a user database, oauth provider or something like that). Since these days I’m involved with Amazon AWS projects I want to try Amazon Cognito.

He then walks through the Cognito service and what it has to offer, including user management and authentication handling. He starts with the OpenUI5 side, creating the basic application and login handling via the Cognito JavaScript SDK. He then modifies this with some basic user handling and creates the view for the login form. He also includes functionality for password resets and the code required to inject the JWT into every request post-authentication.

tagged: openui5 application tutorial authentication amazon cognito lumen backend

Link: https://gonzalo123.com/2017/12/11/authenticate-openui5-applications-and-lumen-backends-with-amazon-cognito-and-jwt/

TutsPlus.com:
How to Create a Custom Authentication Guard in Laravel
Nov 10, 2017 @ 11:53:25

On the TutsPlus.com site there's a tutorial posted showing you how to create a custom guard in Laravel by building on top of the current system to integrate it with a MongoDB database.

In this article, we’re going to cover the authentication system in the Laravel framework. The main aim of this article is to create a custom authentication guard by extending the core authentication system.

Laravel provides a very solid authentication system in the core that makes the implementation of basic authentication a breeze. [...] Moreover, the system itself is designed in such a way that you could extend it and plug in your custom authentication adapters as well. That’s what we'll discuss in detail throughout this article.

The article then starts out with a brief description of the two parts of the system: "guards" and "providers". It then provides the list of files that will be involved and where they belong in the overall structure. From there it's on to the configuration changes and code required to make the link to the MongoDB database and the creation of the User model and authentication provider. Next comes the code to create the guard and what's required to tie it all together and make the full system work. The tutorial wraps up with an example of testing this new guard via a simple controller call.

tagged: laravel tutorial guard authentication user framework mongodb

Link: https://code.tutsplus.com/tutorials/how-to-create-a-custom-authentication-guard-in-laravel--cms-29667

Pineco.de:
Implementing Laravel’s Authorization on the Front-End
Sep 27, 2017 @ 10:15:56

On the Pineco.de site there's a tutorial posted showing you how to implement the Laravel auth system on the frontend re-using the same logic in a single-page Vue.js application as you would on the backend.

If you are using Laravel, probably you are familiar with its ACL. You can easily restrict user’s access by creating policies and binding them to the specific models. It works perfectly on the back-end, but what can we do if our app is something like an SPA?

The post starts with a brief overview of the Laravel ACL handling as it relates to users and policies about what they can do or access. The frontend setup then makes use of a "cheap copy" of the Laravel "gate" handling via a JavaScript-based request. They walk you through the preparation work you'll need and the creation of a gate class to define the current policies for CRUD methods. The main "Gate" class is then defined, setting up the before, allow and deny action methods. Finally these pieces are integrated into the Vue.js application with an example of either showing or hiding the "Edit" link based on the user permissions.

tagged: laravel authentication gate frontend vuejs tutorial gate logic javascript

Link: https://pineco.de/implementing-laravels-authorization-front-end/

Auth0 Blog:
Building an app with Nette and adding authentication
Sep 21, 2017 @ 10:07:59

On the Auth0 blog there's a tutorial posted that shows you how to build an application with the Nette framework and easily integrate authentication via their own JSON web token functionality.

Nette is a free, open-source PHP framework designed for building web applications. Nette is a set of decoupled and reusable PHP packages that will make your work easier. And Nette is also known as the quick and comfortable web development framework in PHP because it has the tools that allow you to bang out PHP applications rather quickly.

[...] In this tutorial, I'll show you how easy it is to build a web application with Nette and add authentication to it. Check out the repo to get the code.

The tutorial starts by talking about some of the built-in tools the framework includes and some basic use of each. It then gets into building the application, creating the controller, view and template to output a list of characters from Game of Thrones. From there it moves into the authentication piece, showing the integration of the Auth0 plugin and how to hook it into an application on their platform. There's a bit of configuration to set it up as an authenticator but then the framework and the plugin take care of the rest.

tagged: nette framework authentication tutorial auth0 jsonwebtoken json jwt

Link: https://auth0.com/blog/building-an-app-with-Nette-and-adding-authentication/

Dragos Holban:
Symfony OAuth Authentication for Your Mobile Application
Sep 11, 2017 @ 12:57:13

On his Medium site Dragos Holban has a new tutorial posted as a part of his "Learn Symfony 2.8" series. This time he shows how to use Symfony OAuth authentication for a mobile application.

Let’s say you built an API using Symfony and you need to access it from a mobile application using authenticated requests on behalf of your users.

Here’s how to make this work using Symfony 2.8 and Doctrine.

He starts by helping you install the FOSOAuthServerBundle and how to enable it in your Symfony application's configuration. He then includes the code for the OAuth classes: the client and entities for the access token and access token handler. He shows how to configure the bundle and add in routing and configure security protection for the parts of your application. Next he shows the creation of a client and how to document your API using the NelmioApiDocBundle.

tagged: oauth tutorial symfony authentication token doctrine entity

Link: https://medium.com/@dragosholban/symfony-oauth-authentication-for-your-mobile-application-b13de7202df7

Zeeshan Ahmed:
JWT authentication for Lumen 5.4
Sep 06, 2017 @ 12:44:23

In a recent post to his site Zeeshan Ahmed shows you how to create a system that uses a handy package to create JWT authentication handling for a Lumen-based application. Lumen is the microframework sibling to the Laravel framework.

Recently I have been tinkering with Angular-4 to get a taste of it and I decided to create a quick project to get my hands dirty. I decided to create a blog with authentication etc. My main focus was on the frontend so I decided to quickly bootstrap an application in Lumen because of its simplicity and almost zero-configuration development. For the authentication, I decided to go with JWT and this post is going to be a quick write-up on how I integrated that and how anyone can integrate JWT authentication in their APIs.

He then walks you through the setup of a new Lumen project and populates the database with some sample (faked) user information from a seeder. Next he helps you get the firebase/php-jwt library installed via Composer and creates the matching controller and middleware to wire it into the application. In his example the user is authenticated via the standard username/password form and, when successful, a JWT is generated that's then passed along with other requests for validation by the middleware.

tagged: lumen laravel tutorial jwt authentication token firebase package

Link: https://zeeshanu.github.io/2017/09/05/jwt-authentication-for-Lumen-5.4/

9Lessons.info:
Ionic 3 and Angular 4: PHP Restful API User Authentication for Login and Signup
Jun 23, 2017 @ 10:32:17

On the 9Lessons.info site they've posted a tutorial walking you through the creation of an application using Ionic 3, Angular 4 and a PHP RESTful API and how to handle user authentication and signup. It's a continuation from this previous post that kicked off the series.

Today’s post explains how to implement a login authentication system for your AngularJS applications. It will show you how to log in with a user and store the user session, so it deals with token based authentication. Since we are using token based authentication, it protects if any unauthorized request is made and notices for a new login if required. This makes your application’s authentication more secure compared with any other authentication system. All user details will be stored in an external database and a PHP based API is used in the backend for handling this authentication. Hope you’ll find it easier using this as your authentication system in your AngularJS projects.

They assume you've worked through the previous post and already have the basic structure of the application set up. They share a screencast showing the process but also include the key details - database tables, code and markup - in the post for those that prefer to follow along that way.

tagged: tutorial 9lessons iconic angularjs restful api user authentication signup

Link: http://www.9lessons.info/2017/06/ionic-angular-php-login-restful-api.html

Zend Framework Blog:
Nested Middleware in Expressive
Mar 16, 2017 @ 11:52:21

On the Zend Framework blog Matthew Weier O'Phinney has posted another tutorial, this time showing you how to use nested middleware in Expressive allowing for the composition of your own workflow in the request/response flow.

A major reason to adopt a middleware architecture is the ability to create custom workflows for your application. Most traditional MVC architectures have a very specific workflow the request follows. While this is often customizable via event listeners, the events and general request lifecycle is the same for each and every resource the application serves.

With middleware, however, you can define your own workflow by composing middleware.

He starts by describing one of the main concepts in the workflow of the application: pipelines. He gives an example of the default pipeline included with the Expressive skeleton application and how the middleware it uses nests to create a custom logic and handling flow. He follows this with an example scenario showing how to add authentication into the pipeline, specifically the use of Digest authentication via a PSR7 middleware package. Code is included for the integration of this package and the end result - all pages requiring authentication. He shows how to modify this and limit it to only certain paths and how to nest them in the route definitions.

Finally he shows another approach - creating a custom middleware pipeline inside of the factory for the requested middleware. He also covers nested applications, using traits for common workflows and the use of "delegator factories".

tagged: expressive tutorial nested middleware pipeline custom authentication example

Link: https://framework.zend.com/blog/2017-03-15-nested-middleware-in-expressive.html

Cloudways Blog:
User Authentication In Yii2 With Email Verification
Mar 13, 2017 @ 13:54:47

The Cloudways blog has a new tutorial posted showing you how to set up a system for user authentication via email in a Yii2-based application. The concepts would be the same in just about any other framework; only the code to implement it would be slightly different.

User authentication is an essential component of every web app. Whether it is a simple to-do list or a complex corporate portal, user authentication remains a common factor across all types of PHP applications.

[...] In this tutorial, I will show you how to develop a user authentication component in Yii2 that features an SMTP email verification. If you are new to Yii2, you must first read previous tutorials to get an introduction to Yii2. Next read about form handling in Yii 2 and database management in Yii 2.

The tutorial makes use of this extension for the traditional user handling as a more flexible option than the built-in framework features. They then walk you through the process of creating the new Yii2 project and getting the component installed. It also helps you:

  • run the migrations to create the required tables
  • set up the SMTP mailer
  • update the navigation with the links for logged in/logged out users
  • configure the email settings

The end result is a signup form that, when submitted, will send an email to the user's email address to verify it and allow the user to continue the registration process.

tagged: user authentication yii2 framework tutorial signup package

Link: https://www.cloudways.com/blog/user-authentication-yii2/

SitePoint PHP Blog:
How to Secure Laravel Apps with 2FA via SMS
Mar 01, 2017 @ 11:52:23

On the SitePoint PHP blog there's a new tutorial posted by author Younes Rafie showing you how to secure your Laravel application with 2FA (two-factor authentication) via SMS messages. In this example they make use of the Twilio SMS handling to send the message to the end user's device.

While everyone is concerned about their application’s security, few take it seriously and take the plunge. The first thing you’ll notice when learning about this is that two factor authentication (2FA) is the go-to solution as a first step.

Although there have been some serious problems with using text messages as a second factor, it’s definitely safer than a plain username and password combination, given that many users tend to use popular and easy to guess passwords for critical services such as payments, chat, emails, etc. In this article, we’re going to build two factor authentication into a Laravel application using Twilio SMS as the second factor.

The tutorial then starts by explaining what the end result will look like - a basic username/password login system that will require a code (from the SMS message) to continue into the account. They walk you through the creation of a new Homestead instance and installation/configuration of the new Laravel project. It then shows the updates you'll need to make to migrations and the models to handle the storage of the SMS tokens. It also shows the Blade templates to create the code entry view and error output in case of a code validation failure.

The tutorial then integrates Twilio's PHP SDK via a provider and provides a screencast of the end result.

tagged: laravel application security sms twofactor authentication

Link: https://www.sitepoint.com/secure-laravel-apps-2fa-via-sms/