Esben Petersen:
A modern REST API in Laravel 5 Part 4: Authentication using Laravel Passport
Mar 20, 2017 @ 10:56:15

Esben Petersen has posted the fourth part of his tutorial series covering the creation of a "modern REST API" with Laravel. In this latest article he focuses on authenticating users with the help of an OAuth2 flow.

OAuth is all around us. Most of us have tried to login to a 3rd party service using our Facebook or Google account as a login. This login mechanism is one of many OAuth authentication types. However, you can also use OAuth to generate simple API keys. One of the OAuth authentication types generates API keys based on username and password and is therefore a solid authentication choice for SaaS-style apps. This article will explore how to setup the password grant authentication type in Laravel using Laravel Passport.

The article is broken up into a few different sections, each with explanations and code where appropriate to help illustrate the point:

  • a basic introduction to OAuth2 and grants
  • authentication in single-page applications
  • dependencies to use (and install/configuration)
  • creating the login proxy
  • building a consumer

The final step is an example (using a curl command) to test the API and ensure things are working as expected. The post ends with a more "real world" example of a Slack-style application that links channels and users but only shows the channels a user has access to based on scope.

tagged: tutorial rest api laravel series part4 oauth2 passport

Link: http://esbenp.github.io/2017/03/19/modern-rest-api-laravel-part-4/

Laravel News:
Learn about Grant Types in Laravel Passport
Aug 24, 2016 @ 10:46:49

On the Laravel News site today they've posted a tutorial helping you learn more about the grant types in the OAuth2 functionality provided by Laravel Passport.

OAuth2 is a security framework that controls access to protected areas of an application, and it’s mainly used to control how different clients consume an API ensuring they have the proper permissions to access the requested resources.

Laravel Passport is a full OAuth2 server implementation; it was built to make it easy to apply authentication over an API for laravel-based web applications.

For those not familiar with some of the terms around OAuth and its handling, they start with a few brief definitions (those that are familiar can skip them). Following this, the post gets into the creation of two kinds of grant handling with Passport: third-party authorizations and first-party applications (your own apps authenticating against the OAuth server). The post ends with a brief mention of creating access tokens manually, but points out that this functionality should probably only be used during testing.

tagged: laravel passport oauth2 grant types password thirdparty server

Link: https://laravel-news.com/2016/08/passport-grant-types/

Matt Stauffer:
Introducing Laravel Passport
Aug 01, 2016 @ 09:35:05

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

tagged: laravel passport oauth api package release vuejs client token tutorial

Link: https://mattstauffer.co/blog/introducing-laravel-passport

Sara Golemon's Blog:
The government will disavow any knowledge of your existence.
Jul 25, 2006 @ 05:35:47

If you were planning on attending the php|works conference in the fall and getting to hear Sara Golemon talk on extensions, you might just have to wait. According to her latest post, things haven't gone well with her passport situation.

So awhile ago I announced that I'd be speaking at php|works including a 3-hour workshop on extension writing. Knowing that the conference was outside of the US I made sure to apply for my passport well in advance (four months to be precise).

Well, long story short, the lovely folks at the state department must have confused 'Sara' with 'Syria' because I've been fighting them over the issuance of my passport ever since.

All is not lost, though - since the show must go on, Sara has found two people to take over her two talks (the extension talk and one on PDO_User).

tagged: passport issues phpworks2006 extension writing pdo_user

Link: