Support the ongoing development of Laravel.io →
Authentication Session Eloquent
Last updated 2 years ago.
0

Basic auth is only secure over HTTPS, same as OAuth 2. Passing the username and password as Basic Auth every time (since RESTful APIs should be stateless, therefore creating a session isn't the way to go) is a fair approach, but it means likely having to store the user's username and password, not ideal. A similar approach is to exchange the username and password for a generated API key which acts like a session, and provide that key as a header (like X-API-Key) for every request (fulfilling the stateless requirement) -- or another common way is providing it as the username for Basic auth, and accessing it using Request::getUser().

It's not inherently flawed, just be careful to use HTTPS for production and store the username/password safely on the client, or better yet use short-lived API keys.

Implementing an OAuth 2 server is going to be better, but also more complex.

Last updated 2 years ago.
0

So the best way to go is with an OAuth 2 server?

Last updated 2 years ago.
0

In here you have an implemetation for laravel, but you will need use HTTPS

https://github.com/lucadegasperi/oauth2-server-laravel

Last updated 2 years ago.
0

This library for Laravel 4 uses API key authentication on your controllers:

https://github.com/chrisbjr/api-guard

You would typically put your API key as part of your header - preferably the "Authorization" header so it would be encrypted when using HTTPS/SSL.

Last updated 2 years ago.
0

A better method of authenticating token in Laravel REST API is by using Laravel Passport (https://www.cloudways.com/blog/rest-api-laravel-passport-authentication/ ). It is a package that makes the authentication much easier and quicker. Passport provides a full OAuth2 server implementation for Laravel applications.

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.