I'm migrating an app that does not need to do standard auth. Users first get authenticated and authorized through a university-wide Shibboleth single sign-on system (that I do not manage, but trust). What my app needs to do is:
1. Check for a non-null $_SERVER['REMOTE_USER'] variable (which contains a unique identifier known as "netid").
2. If the remote_user var is not null, check the value against my user db.
3. If the user exists, log them in. Otherwise, redirect to a registration form.
Can I leverage the built-in auth system with just a small number of changes to accomplish this?
All I want to do is designate the remote_user var as the credential (rather than email/password) and bypass/ignore any steps involving passwords.
I think you can change the standard auth middleware a bit (https://github.com/laravel/laravel/blob/master/app/Http/Middleware/Authenticate.php) and check your server variable. If it's null, then return response('Unauthorized.', 401), or pass the request on otherwise.
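The flow discussed in this thread, written out as a middleware. This is an added example, not code posted by either participant or taken from Laravel itself; the class name `ShibbolethAuthenticate`, the `netid` column on the `users` table, the `App\Models\User` namespace and the route name `register` are assumptions, and the middleware is assumed to run inside the `web` group so a session is available.

```php
<?php

namespace App\Http\Middleware;

use App\Models\User; // assumption: Eloquent model with a unique `netid` column
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class ShibbolethAuthenticate // hypothetical name
{
    public function handle(Request $request, Closure $next)
    {
        // Read the server variable set by the web server's Shibboleth module.
        // Never fall back to a request header: HTTP_* values come from the client.
        $netid = trim((string) $request->server('REMOTE_USER'));

        if ($netid === '') {
            // No SSO identity reached the app, so refuse instead of guessing.
            return response('Unauthorized.', 401);
        }

        // The SSO identity no longer matches the Laravel session: drop the session.
        if (Auth::check() && Auth::user()->netid !== $netid) {
            Auth::logout();
            $request->session()->invalidate();
        }

        if (Auth::guest()) {
            $user = User::where('netid', $netid)->first();

            if ($user === null) {
                // Unknown netid: send to registration, but let the registration
                // route itself through so the redirect does not loop.
                return $request->routeIs('register')
                    ? $next($request)
                    : redirect()->route('register');
            }

            // No password step: the SSO layer already authenticated this netid.
            Auth::login($user);
            $request->session()->regenerate(); // new session ID after login
        }

        return $next($request);
    }
}
```

This is only as trustworthy as the web server configuration in front of it: every route using the middleware has to sit behind the Shibboleth module, so that `REMOTE_USER` cannot be absent or supplied by anything other than the SSO layer.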