you could look into oauth2. dingo api can integrate with oauth2 server.
The solution I use is to POST to my REST auth controller and return an API key (token) that is saved in the user's profile. The mobile app saves this token in storage. Then in any call, the mobile app sends the token in the request as a GET parameter or header parameter. All other methods in the app have a Route filter using something that looks like this:
Route::filter('api', function() {
    // Fetch a user record based on api key
    $user = User::where('api_key', '=', Input::get('api_key'))
        ->take(1)
        ->get();

    if ($user->count() > 0) {
        Auth::onceUsingId($user[0]->id); // Authorize the user for this one request
    } else {
        return Response::view('errors.404', array(), 404)->header('Content-Type', 'application/json');
    }
});
This will authorize the user for the request to the API, and allows you to use the syntax in the Auth library for whatever purpose you need it for. You can usually set a session-length type key in the app, and if you like, you can compare the current time and the session length to force them to log in again.
Thanks pickupman and labox.
How do you generate the token, and what's the time to live of this token? Does it change?
pickupman said:
The solution I use is to POST to my REST auth controller and return an API key (token) that is saved in the user's profile. The mobile app saves this token in storage. Then in any call, the mobile app sends the token in the request as a GET parameter or header parameter. All other methods in the app have a Route filter using something that looks like this:
Route::filter('api', function() {
    // Fetch a user record based on api key
    $user = User::where('api_key', '=', Input::get('api_key'))
        ->take(1)
        ->get();

    if ($user->count() > 0) {
        Auth::onceUsingId($user[0]->id); // Authorize the user for this one request
    } else {
        return Response::view('errors.404', array(), 404)->header('Content-Type', 'application/json');
    }
});
This will authorize the user for the request to the API, and allows you to use the syntax in the Auth library for whatever purpose you need it for. You can usually set a session-length type key in the app, and if you like, you can compare the current time and the session length to force them to log in again.
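The following is an added, framework-free PHP sketch of the flow pickupman describes and of the generation and time-to-live questions raised above; it is not code from the thread or from Laravel. It keeps the same shape (login issues a token, every API request is checked by a filter) but adds what a reviewer would want: the token comes from the CSPRNG, only its SHA-256 hash is stored server-side, it travels in an Authorization header rather than a GET parameter (query strings end up in access logs), and the server enforces the expiry itself rather than trusting the app's clock. The names `$users`, `issueToken`, `authenticate`, `revokeToken` and the 30-day TTL are invented for the example; the Laravel calls from the original filter appear only in comments.

```php
<?php
// Added example, not code from the thread. Framework-free sketch of the token
// flow described above: the login endpoint issues a random token, the server
// stores only its hash plus an expiry, and every API request is checked the
// way the Route filter does it. Names ($users, issueToken, authenticate,
// revokeToken) are invented for the example; Laravel calls are comments only.

const TOKEN_TTL_SECONDS = 30 * 24 * 3600; // 30 days, a value chosen for the example

// In-memory stand-in for the users table, keyed by the token hash so that the
// lookup mirrors User::where('api_key_hash', '=', $hash)->first().
$users = [];

// Called by the auth controller once the password check has passed.
// Returns the plaintext token, which is handed to the app exactly once.
function issueToken(array &$users, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $hash  = hash('sha256', $token);      // only the hash is persisted
    $users[$hash] = [
        'id'         => $userId,
        'expires_at' => $now + TOKEN_TTL_SECONDS,
    ];
    return $token;
}

// Extract the token from "Authorization: Bearer <token>"; null if absent.
function bearerToken(array $headers): ?string {
    $h = $headers['Authorization'] ?? '';
    return preg_match('/^Bearer ([0-9a-f]{64})$/', $h, $m) ? $m[1] : null;
}

// Filter body: returns the matching user record, or null to reject.
function authenticate(array $users, array $headers, int $now): ?array {
    $token = bearerToken($headers);
    if ($token === null) {
        return null;                      // no credential presented
    }
    $record = $users[hash('sha256', $token)] ?? null;
    if ($record === null || $record['expires_at'] <= $now) {
        return null;                      // unknown or expired token
    }
    // In the Laravel filter this is where Auth::onceUsingId($record['id'])
    // would run; on null, return a 401 JSON response instead of continuing.
    return $record;
}

// Logout / "force them to login again": drop the hash server-side so the
// token stops working immediately, whatever the app still has in storage.
function revokeToken(array &$users, string $token): void {
    unset($users[hash('sha256', $token)]);
}

// --- demo with constructed data ---
$now   = 1700000000;
$token = issueToken($users, 42, $now);

$ok      = authenticate($users, ['Authorization' => "Bearer $token"], $now);
$wrong   = authenticate($users, ['Authorization' => 'Bearer ' . str_repeat('0', 64)], $now);
$expired = authenticate($users, ['Authorization' => "Bearer $token"], $now + TOKEN_TTL_SECONDS);

printf("valid token   -> user %s\n", $ok['id'] ?? 'rejected');
printf("wrong token   -> %s\n", $wrong === null ? 'rejected' : 'ACCEPTED?!');
printf("expired token -> %s\n", $expired === null ? 'rejected' : 'ACCEPTED?!');

revokeToken($users, $token);
$after = authenticate($users, ['Authorization' => "Bearer $token"], $now);
printf("after revoke  -> %s\n", $after === null ? 'rejected' : 'ACCEPTED?!');
```

Storing only the hash means a leaked users table does not hand out working tokens, and keying the lookup by hash keeps it a plain indexed query with no token-comparison timing to worry about. Whether the token should change over time is then a policy choice: either reissue on each login (overwriting the stored hash, which invalidates the old one) or let `expires_at` lapse and require a fresh POST to the auth controller.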