stackoom
  简体   繁体   中英

How to authenticate API requests in Laravel?

 原文  2017-04-03 13:53:02       laravel/ api/ authentication/ request

Question

I am currently building some sort of posts based web application using Laravel 5(.4). I have decided to load asynchronously the comment section for each post(and refresh it periodically). After some research I have decided to write a small integrated REST API (using the api routes of Laravel ) that should answer to the requests made through AJAX .
However, I am facing the problem if authenticating the incoming requests . Take for example a request to post some comment. How exactly would you recommend to do that?

2 answers

solution1
 0  2017-04-03 14:16:00

"Passport includes an authentication guard that will validate access tokens on incoming requests. Once you have configured the api guard to use the passport driver, you only need to specify the auth:api middleware on any routes that require a valid access token" - from the Laraven Documentation.
Apparently I have to configure passport, and after that configure the auth:api middleware to use the passport driver. Correct me if I'm wrong, please :)

solution2
 0  2017-04-03 16:21:30

If you are making AJAX requests from browser and you are signed in then you don't need to use Laravel Passport tokens. You can define certain routes which will be using web , auth middleware on requests like webapi/comments/get like this. 

Route::group(['middleware' => ['web','auth]], function () {
        Route::get('webapi/comments/get', 'CommentsController@get');
}

And use Auth Facade as you do in web request ie Auth::check(), Auth::user() etc. and return the data in JSON like this. 

class CommentsController extends Controller
{
    public function get(Request $request)
    {
         if($request->acceptsJson()){
            $data = array();

            // add data

            return response()->json([
                   "data"=> $data,
                   "status" => true
                  ]);
         }else{
            return abort(404);
         }

    }
}

You can also send Accept header in AJAX request as application/json and in controller check if request $request->acceptsJson() and make your decision to show content when url is loaded from browser address bar or requested as AJAX.

Laravel Passport token are useful where there is no session and cookies are managed.

hope this helps :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to authenticate for Laravel API? how to authenticate RESTful API in Laravel 5? Laravel Passport: Authenticate api requests based on access token issued by another microservice How to authenticate user base on JWT API - Laravel 5.8? Laravel 5.6 - How to authenticate API using sessions for same folder SPA? How to authenticate user without auth:api middleware in laravel 5.3? How to authenticate Vue.js / Axios request of an API route in Laravel How to authenticate user from the respons of rest API in Laravel? How to handle simultaneous save API requests in laravel? How to authenticate guest user in laravel
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM