black-bits/key-secret-api-authentication

Key Secret Api Authentication extension for Laravel

0.0.2 2017-10-12 00:55 UTC

This package is auto-updated.

Last update: 2024-10-29 04:53:22 UTC


README

Latest Version on Packagist Software License Build Status Total Downloads

Key Secret Api Authentication extension for Laravel

How to use

1. Require the package

composer require black-bits/key-secret-api-authentication

2. Extend your model (with key and secret fields)

In our case we want a project model, that has a key and a secret field, for api authentication. Therefore a user can have different projects, each with it's own key-secret pair for authentication. Instead of "extends Model", use "extends KeySecretAuthenticatableModel".

class Project extends KeySecretAuthenticatableModel
{
    // ...
}

3. Configure config/auth.php

Change the guard for api to the following...

'guards' => [
    // ... 
    
    'api' => [
        'driver' => 'key_secret',
        'provider' => 'key_secret',
    ],
],

... and add a new provider "key_secret" with reference to your Model

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],

    'key_secret' => [
        'driver' => 'eloquent',
        'model' => App\Project::class,
    ],
],

4. Modify MiddlewareGroup in App\Http\Kernel.php

Change the MiddlewareGroup in the Kernel as you would for usage for api_token. Set the "auth" to "auth:api".

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        'auth:api',
        'throttle:60,1',
        'bindings',
    ],
];

5. Start Using it

In "routes/api.php" create a route and start using it.

Route::get('test', function (Request $request) {
    return "hello world - " . $request->user()->name;
});

// Be aware, that "$request->user()->name" will return the property "name" from our Project-Model and not from the referenced User-Model.

Add a new Header to your API Call with a key "Authorization" and a value "Bearer xyz". xyz should be replaced with your base64_encoded key:secret pair.

$key    = 'abc'
$secret = '12345'
$token  = base64_encode($key . ':' . $secret);

ToDo's

  • The token should be refactored to use jwt.