black-bits / key-secret-api-authentication
Key Secret Api Authentication extension for Laravel
Requires
- php: >=7.1.0
- illuminate/support: ^5.5
Requires (Dev)
- orchestra/testbench: ^3.5
- phpunit/phpunit: ~6.0
This package is auto-updated.
Last update: 2024-12-29 05:10:33 UTC
README
Key Secret Api Authentication extension for Laravel
How to use
1. Require the package
composer require black-bits/key-secret-api-authentication
2. Extend your model (with key and secret fields)
In our case we want a project model that has a key and a secret field for API authentication. A user can therefore have different projects, each with its own key-secret pair for authentication. Instead of "extends Model", use "extends KeySecretAuthenticatableModel".

    class Project extends KeySecretAuthenticatableModel
    {
        // ...
    }
3. Configure config/auth.php
Change the guard for api to the following...
    'guards' => [
        // ...
        'api' => [
            'driver' => 'key_secret',
            'provider' => 'key_secret',
        ],
    ],
... and add a new provider "key_secret" with reference to your Model
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'key_secret' => [
            'driver' => 'eloquent',
            'model' => App\Project::class,
        ],
    ],
4. Modify MiddlewareGroup in App\Http\Kernel.php
Change the "api" middleware group in the Kernel as you would when using api_token: set "auth" to "auth:api".

    protected $middlewareGroups = [
        'web' => [
            // ...
        ],
        'api' => [
            'auth:api',
            'throttle:60,1',
            'bindings',
        ],
    ];
5. Start Using it
In "routes/api.php" create a route and start using it.
    Route::get('test', function (Request $request) {
        return "hello world - " . $request->user()->name;
    });
    // Be aware that "$request->user()->name" will return the property "name"
    // from our Project model and not from the referenced User model.

Add a new header to your API call with the key "Authorization" and the value "Bearer xyz", where xyz is your base64-encoded key:secret pair.

    $key = 'abc';
    $secret = '12345';
    $token = base64_encode($key . ':' . $secret);
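The token format from step 5, as an added example that is not code from the package: a client-side helper builds the header, and a hypothetical server-side parser shows the malformed inputs a check of this format has to reject. The function names and the stored-record array are assumptions; how the package itself validates the token is not shown on this page.

```php
<?php
// Added example (not the package's code). All names below are hypothetical.

// Client side: build the Authorization header value from a key-secret pair.
function buildAuthorizationHeader(string $key, string $secret): string
{
    return 'Bearer ' . base64_encode($key . ':' . $secret);
}

// Server side: recover [key, secret] from the header, or null if malformed.
function parseAuthorizationHeader(string $header): ?array
{
    if (stripos($header, 'Bearer ') !== 0) {
        return null;                                  // missing or wrong scheme
    }
    $decoded = base64_decode(trim(substr($header, 7)), true); // strict alphabet
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;                                  // not base64, or no separator
    }
    // Split on the first colon only, so a secret may itself contain ':'.
    [$key, $secret] = explode(':', $decoded, 2);
    return ($key === '' || $secret === '') ? null : [$key, $secret];
}

// Compare a presented pair with a stored record. hash_equals() runs in
// constant time, so response timing does not reveal how much of the secret matched.
function credentialsMatch(?array $presented, array $stored): bool
{
    if ($presented === null) {
        return false;
    }
    $keyOk = hash_equals($stored['key'], $presented[0]);
    $secretOk = hash_equals($stored['secret'], $presented[1]);
    return $keyOk && $secretOk;
}

// Constructed sample data, using the README's 'abc' / '12345' pair.
$stored = ['key' => 'abc', 'secret' => '12345'];
$samples = [
    'valid pair'      => buildAuthorizationHeader('abc', '12345'),
    'wrong secret'    => buildAuthorizationHeader('abc', '12:345'),
    'wrong scheme'    => 'Basic ' . base64_encode('abc:12345'),
    'not base64'      => 'Bearer abc:12345',
    'no separator'    => 'Bearer ' . base64_encode('abc12345'),
];
foreach ($samples as $label => $header) {
    $ok = credentialsMatch(parseAuthorizationHeader($header), $stored);
    printf("%-14s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Base64 is a reversible encoding, so the header carries the secret in recoverable form on every request; send it only over HTTPS.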
ToDo's
- The token should be refactored to use JWT.