Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

TutsPlus.com:
Set Up an OAuth2 Server Using Passport in Laravel
Jun 08, 2018 @ 16:51:36

The TutsPlus.com site has a new tutorial posted showing you how to create an OAuth2 server with Laravel and the help of the Passport library.

In this article, we’re going to explore how you could set up a fully fledged OAuth2 server in Laravel using the Laravel Passport library. We’ll go through the necessary server configurations along with a real-world example to demonstrate how you could consume OAuth2 APIs.

I assume that you’re familiar with the basic OAuth2 concepts and flow as we’re going to discuss them in the context of Laravel. In fact, the Laravel Passport library makes it pretty easy to quickly set up an OAuth2 server in your application. Thus, other third-party applications are able to consume APIs provided by your application.

The article is then divided up into the steps (code, configuration changes, and commands) required to get the system up and running:

  • Installation of Passport (requires a Laravel app already installed)
  • Changing the User model to add the "remember_token" field
  • Setting up some demo resources
  • Adding the middleware and routes to handle the requests

The tutorial then spends some time showing how to consume OAuth2 APIs and makes use of the Passport "client" to make some sample requests. Finally, it walks you through the whole process of the OAuth2 experience from a user perspective, including some code to manually make the connection from plain PHP.

tagged: tutorial oauth2 server laravel passport client token

Link: https://code.tutsplus.com/tutorials/setup-oauth2-server-using-passport-in-laravel--cms-30576

Exakat Blog:
Largest PHP applications (2018)
Mar 19, 2018 @ 16:35:46

On the Exakat blog there's a new post that includes the details of the largest PHP applications currently available (and popular) based on their own scanning of Open Source Projects.

When testing the exakat static analysis engine, I need to run it on real code. Open Source projects are a real blessing there, since they come in different shapes and stripes. [...] Nowadays, code bases tends to be smaller, compared to more ancient applications. Components are the norm, and they impact both the development of the application, and its extension.

[...] For this survey, we collected 1885 Open Source applications, and counted only their tokens. Tokens are PHP atomic elements, that are needed to understand and run code. Comments, white spaces and delimiters were not counted, leaving only the useful tokens. Then, the more the larger is the application.

The post lists out the top 100 largest PHP applications (by tokens, not by line) including:

  • Magento2 (#6)
  • Drupal (#12)
  • Yii (#21)
  • Joomla (#36)
  • Symfony (#52)
  • Apigility (#80)

The list comes with the count of tokens and is an update of their 2016 largest PHP applications post.

tagged: large application token size project opensource scanner

Link: https://www.exakat.io/largest-php-applications-2018/

Dragos Holban:
Symfony OAuth Authentication for Your Mobile Application
Sep 11, 2017 @ 17:57:13

On his Medium site Dragos Holban has a new tutorial posted as a part of his "Learn Symfony 2.8" series. This time he shows how to use Symfony OAuth authentication for a mobile application.

Let’s say you built an API using Symfony and you need to access it from a mobile application using authenticated requests on behalf of your users.

Here’s how to make this work using Symfony 2.8 and Doctrine.

He starts by helping you install the FOSOAuthServerBundle and how to enable it in your Symfony application's configuration. He then includes the code for the OAuth classes: the client and entities for the access token and access token handler. He shows how to configure the bundle and add in routing and configure security protection for the parts of your application. Next he shows the creation of a client and how to document your API using the NelmioApiDocBundle.

tagged: oauth tutorial symfony authentication token doctrine entity

Link: https://medium.com/@dragosholban/symfony-oauth-authentication-for-your-mobile-application-b13de7202df7

Zeeshan Ahmed:
JWT authentication for Lumen 5.4
Sep 06, 2017 @ 17:44:23

In a recent post to his site ** shows you how to create a system that uses a handy package to create JWT authentication handling for a Lumen-based application. Lumen is the microframework sibling to the Laravel framework.

Recently I have been tinkering with Angular-4 to get a taste of it and I decided to create a quick project to get my hands dirty. I decided to create a blog with authentication etc. My main focus was on the frontend so I decided to quickly bootstrap an application in Lumen because of its simplicity and almost zero-configuration development. For the authentication, I decided to go with JWT and this post is going to be a quick write-up on how I integrated that and how anyone can integrate JWT authentication in their APIs.

He then walks you through the setup of a new Lumen project and populates the database with some sample (faked) user information from a seeder. Next he helps you get the firebase/php-jwt library installed via Composer and creates the matching controller and middleware to wire it into the application. In his example the user is authenticated via the standard username/password form and, when successful, generates a JWT token that's then passed along with other requests for validation by the middleware.

tagged: lumen laravel tutorial jwt authentication token firebase package

Link: https://zeeshanu.github.io/2017/09/05/jwt-authentication-for-Lumen-5.4/

Sitepoint PHP Blog:
ReactJS in PHP: Writing Compilers Is Easy and Fun!
Aug 28, 2017 @ 16:11:10

The SitePoint PHP blog has a tutorial they recently posted from Christopher Pitt covering creating compilers in PHP and examples of it in use.

Many developers avoid writing their own compilers or interpreters, thinking that the topic is too complex or difficult to explore properly. I used to feel like that too. Compilers can be difficult to make well, and the topic can be incredibly complex and difficult. But, that doesn’t mean you can’t make a compiler.

[...] Compilers (and interpreters) begin with humble string manipulation and temporary variables. When they’re sufficiently popular (or sufficiently slow) then the experts can step in; to replace the string manipulation and temporary variables with unicorn tears and cynicism. [...] In our case, we want to maintain most of the PHP syntax, but we also want to add our own little bit of syntax on top. We could create a whole new interpreter…or we could preprocess the new syntax, compiling it to syntactically valid PHP code.

He starts off with some of the basic concepts involved with creating compilers and breaking the current code down into tokens. He shares all the code you'll need to follow along as he goes through the parsing and splitting of the tokens. He shows how to organize the tokens into a more AST-like structure and building it out into a more correct PHP structure. He ends the tutorial by taking what he's helped you create and integrate it with the Pre PHP-based precompiler as a custom compiler. He includes some examples of it in use and a simple screencast of what the end result looks like (a basic task list application).

tagged: reactjs tutorial compiler parser token pre precompile integration

Link: https://www.sitepoint.com/reactjs-php-writing-compilers-easy-fun/

Laravel News:
Using the Google API with Socialite
Apr 11, 2017 @ 14:47:36

On the Laravel News site there's a new tutorial posted showing you how to use the Socialite package with the Google API to connect a user's account and get a list of their contacts.

When I start a project that requires users to log in using their Google accounts, I immediately turned to Laravel Socialite. Socialite is one of Laravel’s official packages, but it is clear it only handles user authentication, making its use not as dynamic as I had hoped it would be. While I needed users to log in, I also needed to get a list of their Google Contacts. In this post, I’ll show you how I was able to query a list of contacts from Google’s People API and keep using Socialite.

They start with a basic guide to creating an application on the Google API Console and what information you'll need (credentials) to allow your application to connect. Then, using the Google API Client for PHP and the functionality built into Socialite they create the approval flow and how to handle refresh tokens should your token expire.

tagged: tutorial laravel socialite contacts google api token

Link: https://laravel-news.com/google-api-socialite

SitePoint PHP Blog:
Let’s Kill the Password! Magic Login Links to the Rescue!
Dec 15, 2016 @ 18:36:17

On the SitePoint PHP blog there's a new tutorial posted from Christopher Vundi showing you how to create a password-less login system using "magic links". These links allow users to log into a service without requiring a password using a one-time code and a special URL.

Authentication is something that has evolved over the years. We have seen it change from email – password combination to social authentication, and finally password-less authentication. Actually, more like an “email only” authentication. In the case of a password-less login, the app assumes that you will get the login link from your inbox if the email provided is indeed yours.

[...] In this tutorial, we are going to implement such a system in a Laravel app. The complete code can be found here.

The tutorial then walks you through some of the setup of the application environment - creating the Laravel project, building out the database and running the "make:auth" to generate related controllers/views/models. They show you how to change the login link to point to the new "magic link" functionality and the matching controller and view. The tutorial then shows how to generate the tokens, email them to the user with the special URL and validate them once they come back in.

tagged: password magic login link tutorial token email

Link: https://www.sitepoint.com/lets-kill-the-password-magic-login-links-to-the-rescue/

Kévin Gomez:
Digging into: Humbug
Oct 27, 2016 @ 17:12:36

Kévin Gomez has a recent post to his site sharing some of the knowledge he gained when digging into Humbug, a mutation testing tool for PHP development.

While I’ve already used Humbug a few time, a recent article made my realise that I didn’t really know how it worked.

That’s when I got the idea to dig into Humbug to learn how it works, and publish my findings here.

He starts with a brief overview of Humbug for those not familiar with it - a mutation testing tool that reviews your unit tests to see how well they actually cover your code. It performs various operations (mutations) on the tests and evaluates the response. He then gets into how Humbug does this and what tools it uses to break down and understand your tests. He then goes through the actual code of the tool, walking through the tests, tokenizing the code and performing small changes to re-test and see how the results differ from the original results.

tagged: humbug mutation testing tool indepth library token variation

Link: http://blog.kevingomez.fr/2016/10/23/digging-into-humbug/

Matt Stauffer:
Introducing Laravel Passport
Aug 01, 2016 @ 14:35:05

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

tagged: laravel passport oauth api package release vuejs client token tutorial

Link: https://mattstauffer.co/blog/introducing-laravel-passport

DotDev.co:
Test Driven API Development using Laravel, Dingo and JWT with Documentation
Jun 20, 2016 @ 15:15:04

On the DotDev.co site a tutorial has been posted showing the full set up of an API using Laravel, Dingo and JWT tokens while following test-driven development principles along the way.

As the complexity of API’s increase, improving the ways we create them becomes a necessity. Let’s take a journey exploring an efficient way of building well-tested API’s that are easy to develop and maintain by wiring up several different open-source packages.

In this tutorial, we will build a very simple API for fruits that lists all the fruits, shows one fruit, creates a fruit, and finally deletes a fruit. The API will allow anyone to list and show fruits but we will use JWT Authentication to protect creating and deleting operations so only the registered users can use them.

The tutorial starts by helping you get the TDD environment set up for the application and the required libraries installed. From there they install and configure Dingo and look at the role that transformers play in the API output. With a basic API in place the JWT tokens are integrated and another package is used to generate simple, clean API documentation. Full links to other packages, screenshots of the expected output and all the code you'll need is included.

tagged: testdriven development tdd laravel api dingo jwt token tutorial

Link: https://dotdev.co/test-driven-api-development-using-laravel-dingo-and-jwt-with-documentation-ae4014260148#.tccatytip


Trending Topics: