
Implementing Laravel’s Authorization on the Front-End
Sep 27, 2017 @ 10:15:56

On the Pineco.de site there's a tutorial posted showing you how to implement the Laravel auth system on the frontend re-using the same logic in a single-page Vue.js application as you would on the backend.

If you are using Laravel, probably you are familiar with its ACL. You can easily restrict user’s access by creating policies and binding them to the specific models. It works perfectly on the back-end, but what can we do if our app is something like an SPA?

The post starts with a brief overview of the Laravel ACL handling as it relates to users and policies about what they can do or access. The frontend setup then makes use of a "cheap copy" of the Laravel "gate" handling via a JavaScript-based request. They walk you through the preparation work you'll need and the creation of a gate class to define the current policies for CRUD methods. The main "Gate" class is then defined, setting up the before, allow and deny action methods. Finally these pieces are integrated into the Vue.js application with an example of either showing or hiding the "Edit" link based on the user permissions.

tagged: laravel authentication gate frontend vuejs tutorial gate logic javascript

Link: https://pineco.de/implementing-laravels-authorization-front-end/

Auth0 Blog:
Building an app with Nette and adding authentication
Sep 21, 2017 @ 10:07:59

On the Auth0 blog there's a tutorial posted that shows you how to build an application with the Nette framework and easily integrate authentication via their own JSON web token functionality.

Nette is a free, open-source PHP framework designed for building web applications. Nette is a set of decoupled and reusable PHP packages that will make your work easier. And Nette is also known as the quick and comfortable web development framework in PHP because it has the tools that allow you to bang out PHP applications rather quickly.

[...] In this tutorial, I'll show you how easy it is to build a web application with Nette and add authentication to it. Check out the repo to get the code.

The tutorial starts by talking about some of the built-in tools the framework includes and some basic use of each. It then gets into building the application, creating the controller, view and template to output a list of characters from Game of Thrones. From there it moves into the authentication piece, showing the integration of the Auth0 plugin and how to hook it into an application on their platform. There's a bit of configuration to set it up as an authenticator but then the framework and the plugin take care of the rest.

tagged: nette framework authentication tutorial auth0 jsonwebtoken json jwt

Link: https://auth0.com/blog/building-an-app-with-Nette-and-adding-authentication/

Dragos Holban:
Symfony OAuth Authentication for Your Mobile Application
Sep 11, 2017 @ 12:57:13

On his Medium site Dragos Holban has a new tutorial posted as a part of his "Learn Symfony 2.8" series. This time he shows how to use Symfony OAuth authentication for a mobile application.

Let’s say you built an API using Symfony and you need to access it from a mobile application using authenticated requests on behalf of your users.

Here’s how to make this work using Symfony 2.8 and Doctrine.

He starts by helping you install the FOSOAuthServerBundle and enable it in your Symfony application's configuration. He then includes the code for the OAuth classes: the client and entities for the access token and access token handler. He shows how to configure the bundle, add in routing and configure security protection for the parts of your application. Next he shows the creation of a client and how to document your API using the NelmioApiDocBundle.

tagged: oauth tutorial symfony authentication token doctrine entity

Link: https://medium.com/@dragosholban/symfony-oauth-authentication-for-your-mobile-application-b13de7202df7

Zeeshan Ahmed:
JWT authentication for Lumen 5.4
Sep 06, 2017 @ 12:44:23

In a recent post to his site Zeeshan Ahmed shows you how to create a system that uses a handy package to create JWT authentication handling for a Lumen-based application. Lumen is the microframework sibling to the Laravel framework.

Recently I have been tinkering with Angular-4 to get a taste of it and I decided to create a quick project to get my hands dirty. I decided to create a blog with authentication etc. My main focus was on the frontend so I decided to quickly bootstrap an application in Lumen because of its simplicity and almost zero-configuration development. For the authentication, I decided to go with JWT and this post is going to be a quick write-up on how I integrated that and how anyone can integrate JWT authentication in their APIs.

He then walks you through the setup of a new Lumen project and populates the database with some sample (faked) user information from a seeder. Next he helps you get the firebase/php-jwt library installed via Composer and creates the matching controller and middleware to wire it into the application. In his example the user is authenticated via the standard username/password form and, when successful, a JWT token is generated that's then passed along with other requests for validation by the middleware.

tagged: lumen laravel tutorial jwt authentication token firebase package

Link: https://zeeshanu.github.io/2017/09/05/jwt-authentication-for-Lumen-5.4/

Ionic 3 and Angular 4: PHP Restful API User Authentication for Login and Signup
Jun 23, 2017 @ 10:32:17

On the 9Lessons.info site they've posted a tutorial walking you through the creation of an application using Ionic 3, Angular 4 and a PHP RESTful API and how to handle user authentication and signup. It's a continuation from this previous post that kicked off the series.

Today’s post explains how to implement login authentication system for your AngularJS applications. It will show you how to log in with a user and store the user session, so it deals with token based authentication. Since we are using token based authentication, it protects if any unauthorized request is made and notices for a new login if required. This makes your application’s authentication to be more secured compared with any other authentication system. Every user details will be stored in an external database and a PHP based API is used in the backend for handling this authentication. Hope you’ll find it more easily using this as your authentication system in your AngularJS projects.

They assume you've worked through the previous post and already have the basic structure of the application set up. They share a screencast showing the process but also include the key details - database tables, code and markup - in the post for those that prefer to follow along that way.

tagged: tutorial 9lessons iconic angularjs restful api user authentication signup

Link: http://www.9lessons.info/2017/06/ionic-angular-php-login-restful-api.html

Zend Framework Blog:
Nested Middleware in Expressive
Mar 16, 2017 @ 11:52:21

On the Zend Framework blog Matthew Weier O'Phinney has posted another tutorial, this time showing you how to use nested middleware in Expressive allowing for the composition of your own workflow in the request/response flow.

A major reason to adopt a middleware architecture is the ability to create custom workflows for your application. Most traditional MVC architectures have a very specific workflow the request follows. While this is often customizable via event listeners, the events and general request lifecycle is the same for each and every resource the application serves.

With middleware, however, you can define your own workflow by composing middleware.

He starts by describing one of the main concepts in the workflow of the application: pipelines. He gives an example of the default pipeline included with the Expressive skeleton application and how the middleware it uses nests to create a custom logic and handling flow. He follows this with an example scenario showing how to add authentication into the pipeline, specifically the use of Digest authentication via a PSR-7 middleware package. Code is included for the integration of this package and the end result: all pages requiring authentication. He shows how to modify this and limit it to only certain paths and how to nest them in the route definitions.

Finally he shows another approach - creating a custom middleware pipeline inside of the factory for the requested middleware. He also covers nested applications, using traits for common workflows and the use of "delegator factories".

tagged: expressive tutorial nested middleware pipeline custom authentication example

Link: https://framework.zend.com/blog/2017-03-15-nested-middleware-in-expressive.html

Cloudways Blog:
User Authentication In Yii2 With Email Verification
Mar 13, 2017 @ 13:54:47

The Cloudways blog has a new tutorial posted showing you how to set up a system for user authentication via email in a Yii2-based application. The concepts would be the same in just about any other framework; only the code to implement it would be slightly different.

User authentication is an essential component of every web app. Whether it is a simple to-do list or a complex corporate portal, user authentication remains a common factor across all types of PHP applications.

[...] In this tutorial, I will show you how to develop a user authentication component in Yii2 that features a SMTP email verification. If you are new to Yii2, you must first read previous tutorials to get an introduction to Yii2. Next read about form handling in Yii 2 and database management in Yii 2.

The tutorial makes use of this extension for the traditional user handling as a more flexible option than the built-in framework features. They then walk you through the process of creating the new Yii2 project and getting the component installed. It also helps you:

  • run the migrations to create the required tables
  • set up the SMTP mailer
  • update the navigation with the links for logged in/logged out users
  • configure the email settings

The end result is a signup form that, when submitted, will send an email to the user's email address to verify it and allow the user to continue the registration process.

tagged: user authentication yii2 framework tutorial signup package

Link: https://www.cloudways.com/blog/user-authentication-yii2/

SitePoint PHP Blog:
How to Secure Laravel Apps with 2FA via SMS
Mar 01, 2017 @ 11:52:23

On the SitePoint PHP blog there's a new tutorial posted by author Younes Rafie showing you how to secure your Laravel application with 2FA (two-factor authentication) via SMS messages. In this example they make use of the Twilio SMS handling to send the message to the end user's device.

While everyone is concerned about their application’s security, few take it seriously and take the plunge. The first thing you’ll notice when learning about this is that two factor authentication (2FA) is the go-to solution as a first step.

Although there have been some serious problems with using text messages as a second factor, it’s definitely safer than a plain username and password combination, given that many users tend to use popular and easy to guess passwords for critical services such as payments, chat, emails, etc. In this article, we’re going to build two factor authentication into a Laravel application using Twilio SMS as the second factor.

The tutorial then starts by explaining what the end result will look like - a basic username/password login system that will require a code (from the SMS message) to continue into the account. They walk you through the creation of a new Homestead instance and installation/configuration of the new Laravel project. It then shows the updates you'll need to make to migrations and the models to handle the storage of the SMS tokens. It also shows the Blade templates to create the code entry view and error output in case of a code validation failure.

The tutorial then integrates Twilio's PHP SDK via a provider and provides a screencast of the end result.

tagged: laravel application security sms twofactor authentication

Link: https://www.sitepoint.com/secure-laravel-apps-2fa-via-sms/

Alison Gianotto:
Demystifying Custom Auth in Laravel 5
Nov 21, 2016 @ 11:49:17

Alison Gianotto (a.k.a. Snipe) has a new post on her site talking about custom authentication in Laravel-based applications including built-in functionality and how you can override it to your needs.

I’m a big fan of Laravel. I use it in most of my personal and professional projects, and for the most part it really does make coding fun for me again. One of the things Laravel tries to do (similar to Rails) is to build in the most repetitive things a developer would have to do, for example a user registration/login/forgotten password system.

[...] In each of my current Laravel apps, auth works just a tiny bit differently. Add to that the fact that a few of them were pulled forward from Laravel version 4.2, and things can get confusing and messy. [...] Laravel makes this really, really easy – they just don’t document how to do it very well.

She starts by mentioning the "fresh" install version of building out the auth pieces (php artisan make:auth) but points out that, if a more "hybrid" system is needed, a bit more work is required. She shows you the routes that are created in the "make:auth" process and how/where you need to modify things to customize it to your system. She illustrates with some of her own changes including code examples.

tagged: laravel tutorial custom authentication framework

Link: http://snipe.net/2016/11/demystifying-custom-auth-in-laravel-5/

Laravel Social Authentication with Socialite
Nov 17, 2016 @ 12:17:41

The Scotch.io site has posted a tutorial for the Laravel users out there showing you how to use the Socialite package in your application to make authentication handling with external services simpler.

Laravel introduced a built in Authentication module in version 5.2. To set this up, you just have to run php artisan make:auth and everything is generated for you, from the views to the controllers and the routes.

[...] And that is a great thing. However, this command will only make you a traditional login. In most sites nowadays when signing up, users have the option of signing up with a social provider such as Facebook. In this tutorial, I will teach you how to add multiple social providers to a Laravel app using Socialite package. For this tutorial we will add Facebook, Github and Twitter signups.

They start off with a new Laravel application (but, of course, you can use your current one), setting up a new database and creating a custom "users" table that includes "provider" information. The User model is then updated to allow the population of this data and the "make:auth" command is run. The Socialite package is then included and the application is configured to include its service provider. The tutorial then steps you through creating GitHub, Twitter and Facebook applications, getting the keys needed to drop into your app's configuration. Finally they update the login/registration pages with the social login buttons and show how they'll now "magically" work.

tagged: tutorial socalite authentication laravel github twitter facebook

Link: https://scotch.io/tutorials/laravel-social-authentication-with-socialite