Reputation: 1744
Laravel 4 Auth With Token
I asked a question the right way to structure a project with Laravel 4. I currently am making an API (to support a mobile app) and a web app to serve as the backend.
1) What would be the best practice for this? Two installations (the web app would get data via the api (what I have done)? Using one Laravel installation with namespaces? One Laravel installation with folders?
2) I have make a custom auth driver for Laravel and got it working. In the return on login I return an API token which I need for subsequent calls. I understand that in Laravel, only the ID of the user is saved, how would I make the api token saved at well when Auth::check() passes? Some of this stuff is making me question if it is bad to use Laravel in this decoupled from the db setting because it makes Eloquent not an option.
Upvotes: 0
Views: 572
Answers (1)
Reputation: 22862
I have 2 separate installations - one for API and one for web (which uses this API).
Don't bother with additional cost of +-50MB of another installation - separate them!
AUTH
On each request I set 'Access-Token' header on client side. This token is read then on API side with Header::get('Access-Token'). Then I store authenticated user just for this one and only request - API should be stateless (no user data in session, require auth on each request).
Among other things I also check Accept and Content-Type headers - my API only accept application/json and sports responses in application/json format as well.
Upvotes: 1
Related Questions
- Laravel - authenticating with session token
- Laravel API login with username and token
- Laravel 5.2 Authentication Token
- laravel login through API using token
- How to use token authentication in laravel web page
- laravel 5.4 Token based Oauth implementation
- Laravel token based User Authentication?
- Implement token for Laravel 4 RESTful API authentication
- Laravel 4 authentication token doesn't match
- Token issue when attempting to login laravel