How do Password Grant Tokens work on Windows?

I want to develop an application that consumes a REST API, and I want to add an API key to validate the communication between the client application and the service (cross-device validation), that is, application authentication, without the application's users having to create an account. I want to do what TMDB does, which generates API keys for developers. I found a project called laravStart; it implements a module for developers to generate keys for client authentication (between applications - OAuth Clients) and personal access tokens (Personal Access Tokens). As in the image, when I create a new Client it asks me for a return URL, and I did not understand how it works.

For example: I register a Client with the name Lojaz and the return URL https://lojaz.com/callback and get a key: rV5CQQCF4gHGS29zqAUazBJPof9pS6ESvg7C2hAh. My client, a mobile app or Postman, requests a URL, for example https://lojaz.com/api/v1/produtos/1?key=rV5CQQCF4gHGS29zqAUazBJPof9pS6ESvg7C2hAh, what would happen? The documentation does not explain this detail. I will test laravStart in Postman and I do not know how to prepare the request.

1 answer

0

Let me see if I understand your problem: you want to add an authorization method to your API, thus allowing access only to those who have an access code that will be passed as a parameter of the request to your API?

If that's what you want to do, the ideal would be to create a global middleware in your Laravel application.

In the middleware you can do something like:

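use Closure;

class CheckAccess
{
    public function handle($request, Closure $next)
    {
        // Key sent by the client in the ACCESS_KEY request header (may be absent).
        $accessKey = (string) $request->header('ACCESS_KEY');

        // hash_equals() compares in constant time, unlike ===.
        if (hash_equals('SUA_CHAVE_PRIVADA', $accessKey)) {
            // The response must be returned, otherwise the request produces none.
            return $next($request);
        }

        // Reject with 401 Unauthorized instead of a generic Error (HTTP 500).
        abort(401);
    }
}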
  • I'll have to improve my question, but I like your suggestion. So, for example, as in TMDB, I want a developer-type user to be able to create an application-level authentication key that is passed as a parameter in the request URL, for example: https://api.themoviedb.org/3/movie/76341?api_key={api_key}

  • But I like your suggestion.
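
The answer's middleware checks one hard-coded key, while the question and the comment ask for TMDB-style keys generated per developer. As an added example (not code from the answer or from laravStart), this plain-PHP code issues a key per client, stores only its SHA-256 digest, and resolves a presented key from the ACCESS_KEY header or an api_key query parameter; the function names and the in-memory $store are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. issueApiKey, extractKey, findClient and $store are
// hypothetical names; $store stands in for a database table.

/** Create a key for a developer's app; persist only its SHA-256 digest. */
function issueApiKey(array &$store, string $clientName): string
{
    $key = bin2hex(random_bytes(20)); // 40 hex characters from the CSPRNG
    $store[hash('sha256', $key)] = ['client' => $clientName, 'revoked' => false];
    return $key; // displayed to the developer once, never stored in clear
}

/** Prefer the ACCESS_KEY header; fall back to ?api_key= (URLs reach logs). */
function extractKey(array $headers, array $query): ?string
{
    $key = $headers['ACCESS_KEY'] ?? $query['api_key'] ?? null;
    return is_string($key) && $key !== '' ? $key : null;
}

/** Map a presented key to its client, or null if missing, unknown, revoked. */
function findClient(array $store, ?string $presented): ?string
{
    if ($presented === null) {
        return null;
    }
    // Lookup is by digest, so the stored table never holds usable keys.
    $row = $store[hash('sha256', $presented)] ?? null;
    return ($row !== null && !$row['revoked']) ? $row['client'] : null;
}

// Constructed sample requests.
$store = [];
$lojazKey = issueApiKey($store, 'Lojaz');

$cases = [
    'header'  => extractKey(['ACCESS_KEY' => $lojazKey], []),
    'query'   => extractKey([], ['api_key' => $lojazKey]),
    'unknown' => extractKey(['ACCESS_KEY' => 'not-a-real-key'], []),
    'missing' => extractKey([], []),
];
foreach ($cases as $label => $key) {
    printf("%-8s %s\n", $label, findClient($store, $key) ?? 'rejected (401)');
}

$store[hash('sha256', $lojazKey)]['revoked'] = true; // developer revokes the key
printf("%-8s %s\n", 'revoked', findClient($store, $lojazKey) ?? 'rejected (401)');
```

Inside a Laravel middleware, the same lookup would run in handle(), with abort(401) when findClient returns null.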
