Suggestion: Auth0 implementation about laravel-api-boilerplate HOT 21 OPEN

It will definitely come, do not worry guys 😄

Right now the main trouble for me is that there's a lot of work on the roadmap, and trying to priorotise the easy wins.

Right now, the built-in JWT will suffice for 80% of use cases. Next, I want to write HMAC authentication, which will take some effort because I don't think there are any maintained laravel auth hmac implementations, but it's very useful for APIs.

Down the track a bit will be passport and/or auth0.

from laravel-api-boilerplate.

@specialtactics I'm about to publish a PR with my own implementation of Auth0. You should probably create a Dev branch so I could publish it without affecting the main one?

from laravel-api-boilerplate.

Hey there

Thanks for the suggestion, it is actually on the cards to make this package integrated with Passport, and so I will add Auth0 to that as well 👍

from laravel-api-boilerplate.

@roasted-toast I am not use, the underlying dingo package relies on api.auth, if you replace it, then whatever you replace it with has to provide an equivalent implementation of authentication, and work with helpers like auth()

from laravel-api-boilerplate.

No problem @egdavid , there's no rush for sure, as I myself wouldn't get to it for months. If you feel like contributing, it would be very welcome.

Dingo itself has configurable auth providers, I think that's the place to start to make it swappable.

from laravel-api-boilerplate.

@egdavid Sure, I've pushed a "dev" branch, based off the latest master. Can't wait to see!

from laravel-api-boilerplate.

@specialtactics thanks for the answer.

I've integrated the Auth0 JWT management and I can now login using Auth0 (Facebook, Google or anything else) and use the TokenId to call API boilerplate's endpoints.

I'm just worried about a little thing: can you confirm that I can completely get rid of the api.auth middleware ? Since my SPA wont use or make any crud request for the users table on my Laravel api.

from laravel-api-boilerplate.

@specialtactics +1 for https://laravel.com/docs/master/passport
I know Auth0 makes it simple also but I have no idea why indie makers and devs would use it, they charge per user, and it's not cheap either 🗡
Out of curiosity what does this repo use now for API auth, if not passport?

from laravel-api-boilerplate.

A JWT Auth system is implemented within the boilerplate.

from laravel-api-boilerplate.

@egdavid got it. Love to see support for Laravel passport.

from laravel-api-boilerplate.

@specialtactics I could create a PR of my own implementation of Auth0 if you want.

from laravel-api-boilerplate.

@egdavid If you've integrated it into the boilerplate, I would definitely love to see !

So long as it won't break any existing functionality and can be turned on/off, it should be fine.

from laravel-api-boilerplate.

@specialtactics in this particular case it will require some changes, there is no way to turn it on or off for example and I'm not sure it would not break the existing JWT auth system since I "got rid" of it.
However, I could try to produce a decent Pull Request for your boilerplate, asap (within the next week or so).
P.S.: this implementation will require a documentation to explain how M2M auth actually works with Laravel and how it needs to be set @ Auth0. It has not be well detailed by Auth0 in their doc, I had to do some extra researches by myself.

from laravel-api-boilerplate.

@specialtactics I'm updating the code based on the latest master and my public (unauthenticated) routes don't work anymore.
It happens only on endpoints that don't require authentication while being unauthenticated. As soon as I log in (on Postman), it works.
Here is the error:

{
    "message": "Call to a member function can() on null",
    "statusCode": 500,
    "debug": {
        "line": 98,
        "file": "/home/david/Sites/apiboilerplatenew/vendor/specialtactics/l5-api/src/Http/Controllers/Features/AuthorizesUserActionsOnModelsTrait.php",

Any idea?
It used to work before the boilerplate update. Models haven't been updated.

EDIT: seems like I've had some issues with my custom API Policies. I've removed them for the incoming push.

from laravel-api-boilerplate.

So did you fix the issue @egdavid ? I would advise, if you have unauthenticated routes, the model used by those controllers can't have a policy, since there wouldn't be any logged in user to check any access policies against.

from laravel-api-boilerplate.

Hey guys, +1 on this. Any updates?

from laravel-api-boilerplate.

No updates sorry, not a priority unfortunately at the moment !

from laravel-api-boilerplate.

from laravel-api-boilerplate.

@mroushdy Nothing of laravel is changed actually, it all works through packages and inheritance. It's the same version of Laravel as any other.

from laravel-api-boilerplate.

Hello Dear
Thanks for the great work.
Kindly help if you have time,
when I run composer test it gives me this error. I have mysql I dont use POSTGRES

./vendor/bin/phpunit --colors=always -v --testdox
PHPUnit 9.5.12 by Sebastian Bergmann and contributors.

Error in bootstrap script: Illuminate\Database\QueryException:
could not find driver (SQL: select tablename from pg_catalog.pg_tables where schemaname in ('public'))
Script ./vendor/bin/phpunit --colors=always -v --testdox handling the test event returned with error code 1

from laravel-api-boilerplate.

@Master-maynd mysql should be the default indeed, let's make sure it's set like that

• The default driver in config/database.php should be mysql
  • 'default' => env('DB_CONNECTION', 'mysql'),
• The DB_CONNECTION in .env should be set to mysql
  • DB_CONNECTION=mysql
• Make sure that in phpunit.xml you are not overriding the DB_CONNECTION setting above

If it all fails I suggest

• to compare your branch against the boilerplate as spot the diffs
• Push your code to a pubic repo (if possible) or post your configs here

from laravel-api-boilerplate.