How to authenticate a javascript application (browser) in a PHP API?

Asked

Viewed 360 times

3

Personal,
I’m looking to develop a PHP API (Laravel) to consume it both on my SITE (angular) and on the mobile applications I’m still developing. However, I am having trouble implementing a secure authentication that allows updating user session time.

I already did a search and noticed that the staff recommends using OAUTH 2 with Grant type PASSWORD or IMPLICIT. However, since it is a javascript application, I cannot make client_secret available, making Grant type PASSWORD impossible. I could not use Grant type IMPLICIT either, because of the absence of REFRESH_TOKEN (which also needs to pass client_secret).

I cannot think of a solution to the problem and I count on the support of the community to find a solution.

Note: Only applications developed by me can access the API resources.

  • 2

    Do you know the JWT (JSON Web Tokens)? I recommend you to do a search, it seems that it would work for your project

  • You can help: https://laravel.com/docs/5.3/passport

  • With the launch of Laravel 5.3, it became much easier, as the colleague above quoted you find everything you need in the manual.

  • But... if you prefer to go your own way, I recommend two libraries I’ve been using for a long time: JWT - https://github.com/tymondesigns/jwt-auth e Guzzle, PHP HTTP client - https://github.com/guzzle/guzzle

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.