Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zeeshan Ahmad:
JWT authentication for Lumen 5.6
Apr 18, 2018 @ 12:57:25

On his Medium.com blog Zeeshan Ahmad has posted a tutorial showing you how to set up JWT authentication in a Lumen application. Lumen is a micro-framework based on the larger Laravel framework's components.

Recently I have been tinkering with Vue.js to get a taste of it and I decided to create a quick project to get my hands dirty. I decided to create a blog with authentication etc. My main focus was on the frontend so I decided to quickly bootstrap an application in Lumen because of its simplicity and almost zero-configuration development. For the authentication, I decided to go with JWT and this post is going to be a quick write-up on how I integrated that and how anyone can integrate JWT authentication in their APIs.

He then walks you through the process of creating the application, creating the required configuration files/settings and the creation of the model and migration for the users table in the database. After populating the table with some fake seed data, he uses Composer to pull in the firebase/php-jwt library. From there he includes the code for the User controller and the JWT middleware that will handle the decoding of the token and locating the matching user. In his example it doesn't show the authentication process for the creation of the token, just the validation once it's set.

tagged: lumen jwt authentication tutorial firebase

Link: https://medium.com/tech-tajawal/jwt-authentication-for-lumen-5-6-2376fd38d454

Pineco.de:
Frequently Asked Questions About Laravel based APIs
Mar 15, 2018 @ 10:35:09

On the Pineco.de site there's a new post that answers some of the frequently asked questions they've heard about APIs in Laravel-based applications.

Developing APIs are getting more and more popular, but still, it’s a bit blurry field for many developers. We collected some common questions and tried to answer them in one place.

Their list of questions includes:

  • "What does RESTful mean?"
  • "How does API authentication work?"
  • "Why Laravel has a “web” and an “api ” middleware group?"
  • "How can I test my APIs?"

For each there's a brief summary of the issue and links to other sources (documentation and packages) to help answer or fix the issue.

tagged: laravel api faq question rest authentication middleware testing

Link: https://pineco.de/frequently-asked-questions-about-laravel-based-apis/

Gonzalo Ayuso:
Authenticate OpenUI5 applications and Lumen backends with Amazon Cognito and JWT
Dec 11, 2017 @ 10:26:21

On his site today Gonzalo Ayuso has a tutorial posted showing how to create authentication in OpenUI5 applications with the help of Lumen, Amazon Cognito and JWTs.

Today I want to create an UI5/OpenUI5 boilerplate that plays with Lumen backends. Simple, isn’t it? We only need to create a Lumen API server and connect our OpenUI5 application with this API server. But today I also want to create a Login also. The typical user/password input form. I don’t want to build it from scratch (a user database, oauth provider or something like that). Since this days I’m involved with Amazon AWS projects I want to try Amazon Cognito.

He then walks through the Cognito service and what it has to offer including user management and authentication handling. He starts with the OpenUI5 side, creating the basic application and login handling via the Congnito Javascript SDK. He then modifies this with some basic user handling and creates the view for the login form. He also includes functionality for password resets and the code required to inject the JWT into every request post-authentication.

tagged: openui5 application tutorial authentication amazon cognito lumen backend

Link: https://gonzalo123.com/2017/12/11/authenticate-openui5-applications-and-lumen-backends-with-amazon-cognito-and-jwt/

TutsPlus.com:
How to Create a Custom Authentication Guard in Laravel
Nov 10, 2017 @ 11:53:25

In the TutsPlus.com site there's a tutorial posted showing you how to create a custom guard in Laravel by building on top of the current system to integrate it with a MongoDB database.

In this article, we’re going to cover the authentication system in the Laravel framework. The main aim of this article is to create a custom authentication guard by extending the core authentication system.

Laravel provides a very solid authentication system in the core that makes the implementation of basic authentication a breeze. [...] Moreover, the system itself is designed in such a way that you could extend it and plug in your custom authentication adapters as well. That’s what we'll discuss in detail throughout this article.

The article then starts out with a brief description of the two parts of the system: "guards" and "providers". It then provides the list of files that will be involved and where they belong in the overall structure. From there it's on to the configuration changes and code required to make the link to the MongoDB database and the creation of the User model and authentication provider. Next comes the code to create the guard and what's required to tie it all together and make the full system work. The tutorial wraps up with an example of testing this new guard via a simple controller call.

tagged: laravel tutorial guard authentication user framework mongodb

Link: https://code.tutsplus.com/tutorials/how-to-create-a-custom-authentication-guard-in-laravel--cms-29667

Pineco.de:
Implementing Laravel’s Authorization on the Front-End
Sep 27, 2017 @ 10:15:56

On the Pineco.de site there's a tutorial posted showing you how to implement the Laravel auth system on the frontend re-using the same logic in a single-page Vue.js application as you would on the backend.

If you are using Laravel, probably you are familiar with its ACL. You can easily restrict user’s access by creating policies and binding them to the specific models. It works perfectly on the back-end, but what can we do if our app is something like an SPA?

The post starts with a brief overview of the Laravel ACL handling as it relates to users and policies about what they can do or access. The frontend setup then makes use of a "cheap copy" of the Laravel "gate" handling via a Javascript-based request. They walk you through the preparation work you'll need and the creation of a gate class to define the current policies for CRUD methods. The main "Gate" class is then defined, setting up the before, allow and deny action methods. Finally these pieces are integrated into the Vue.js application with an example of either showing or hiding the "Edit" link based on the user permissions.

tagged: laravel authentication gate frontend vuejs tutorial gate logic javascript

Link: https://pineco.de/implementing-laravels-authorization-front-end/

Auth0 Blog:
Building an app with Nette and adding authentication
Sep 21, 2017 @ 10:07:59

On the Auth0 blog there's a tutorial posted that shows you how to build an application with the Nette framework and easily integrate authentication via their own JSON web token functionality.

Nette is a free, open-source PHP framework designed for building web applications. Nette is a set of decoupled and reusable PHP packages that will make your work easier. And Nette is also known as the quick and comfortable web development framework in PHP because it has the tools that allow you to bang out PHP applications rather quickly.

[...] In this tutorial, I'll show you how easy it is to build a web application with Nette and add authentication to it. Check out the repo to get the code.

The tutorial starts by talking about some of the built-in tools the framework includes and some basic use of each. It then gets into building the application, creating the controller, view and template to output a list of characters from Game of Thrones. From there it moves into the authentication piece, showing the integration of the Auth0 plugin and how to hook it into an application on their platform. There's a bit of configuration to set it up as an authenticator but then the framework and the plugin take care of the rest.

tagged: nette framework authentication tutorial auth0 jsonwebtoken json jwt

Link: https://auth0.com/blog/building-an-app-with-Nette-and-adding-authentication/

Dragos Holban:
Symfony OAuth Authentication for Your Mobile Application
Sep 11, 2017 @ 12:57:13

On his Medium site Dragos Holban has a new tutorial posted as a part of his "Learn Symfony 2.8" series. This time he shows how to use Symfony OAuth authentication for a mobile application.

Let’s say you built an API using Symfony and you need to access it from a mobile application using authenticated requests on behalf of your users.

Here’s how to make this work using Symfony 2.8 and Doctrine.

He starts by helping you install the FOSOAuthServerBundle and how to enable it in your Symfony application's configuration. He then includes the code for the OAuth classes: the client and entities for the access token and access token handler. He shows how to configure the bundle and add in routing and configure security protection for the parts of your application. Next he shows the creation of a client and how to document your API using the NelmioApiDocBundle.

tagged: oauth tutorial symfony authentication token doctrine entity

Link: https://medium.com/@dragosholban/symfony-oauth-authentication-for-your-mobile-application-b13de7202df7

Zeeshan Ahmed:
JWT authentication for Lumen 5.4
Sep 06, 2017 @ 12:44:23

In a recent post to his site ** shows you how to create a system that uses a handy package to create JWT authentication handling for a Lumen-based application. Lumen is the microframework sibling to the Laravel framework.

Recently I have been tinkering with Angular-4 to get a taste of it and I decided to create a quick project to get my hands dirty. I decided to create a blog with authentication etc. My main focus was on the frontend so I decided to quickly bootstrap an application in Lumen because of its simplicity and almost zero-configuration development. For the authentication, I decided to go with JWT and this post is going to be a quick write-up on how I integrated that and how anyone can integrate JWT authentication in their APIs.

He then walks you through the setup of a new Lumen project and populates the database with some sample (faked) user information from a seeder. Next he helps you get the firebase/php-jwt library installed via Composer and creates the matching controller and middleware to wire it into the application. In his example the user is authenticated via the standard username/password form and, when successful, generates a JWT token that's then passed along with other requests for validation by the middleware.

tagged: lumen laravel tutorial jwt authentication token firebase package

Link: https://zeeshanu.github.io/2017/09/05/jwt-authentication-for-Lumen-5.4/

9Lessons.info:
Ionic 3 and Angular 4: PHP Restful API User Authentication for Login and Signup
Jun 23, 2017 @ 10:32:17

On the 9Lessons.info site they've posted a tutorial walking you through the creation of an application using Iconic 3, Angular 4 and a PHP restful API and how to handle user authentication and signup. It's a continuation from this previous post that kicked off the series.

Today’s post explains how to implement login authentication system for your AngularJS applications. It will show you how to log in with a user and store the user session, so it deals with token based authentication. Since we are using token based authentication, it protects if any unauthorized request is made and notices for a new login if required. This makes your application’s authentication to be more secured compared with any other authentication system. Every user details will be stored in an external database and a PHP based API is used in the backend for handling this authentication. Hope you’ll find it more easily using this as your authentication system in your AngularJS projects.

They assume you've worked through the previous post and already have the basic structure of the application set up. They share a screencast showing the process but also include the key details - database tables, code and markup - in the post for those that prefer to follow along that way.

tagged: tutorial 9lessons iconic angularjs restful api user authentication signup

Link: http://www.9lessons.info/2017/06/ionic-angular-php-login-restful-api.html

Zend Framework Blog:
Nested Middleware in Expressive
Mar 16, 2017 @ 11:52:21

On the Zend Framework blog Matthew Weier O'Phinney has posted another tutorial, this time showing you how to use nested middleware in Expressive allowing for the composition of your own workflow in the request/response flow.

A major reason to adopt a middleware architecture is the ability to create custom workflows for your application. Most traditional MVC architectures have a very specific workflow the request follows. While this is often customizable via event listeners, the events and general request lifecycle is the same for each and every resource the application serves.

With middleware, however, you can define your own workflow by composing middleware.

He starts by describing one of the main concepts in the workflow of the application: pipelines. He gives an example of the default pipeline included with the Expressive skeleton application and how the middleware it uses nests to create a custom logic and handling flow. He follows this with an example scenario showing how to add authentication into the pipeline, specifically the use of Digest authentication via a PSR7 middleware package. Code is included for the integration of this package and the end result - all pages requiring authentication. He shows how to modify this and limit it to only certain paths and how to nest them in the route definitions.

Finally he shows another approach - creating a custom middleware pipeline inside of the factory for the requested middleware. He also covers nested applications, using traits for common workflows and the use of "delegator factories".

tagged: expressive tutorial nested middleware pipeline custom authentication example

Link: https://framework.zend.com/blog/2017-03-15-nested-middleware-in-expressive.html