Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Learn about Grant Types in Laravel Passport
Aug 24, 2016 @ 10:46:49

On the Laravel News site today they've posted a tutorial helping you learn more about the grant types in the OAuth2 functionality provided by Laravel Passport.

OAuth2 is a security framework that controls access to protected areas of an application, and it’s mainly used to control how different clients consume an API ensuring they have the proper permissions to access the requested resources.

Laravel Passport is a full OAuth2 server implementation; it was built to make it easy to apply authentication over an API for laravel-based web applications.

For those not familiar with some of the terms around OAuth and its handling, they start with a few brief definitions (those that are familiar can skip them). Following this the post gets into the creation of a two kinds of grant handling with Passport: third-party authorizations and first-party applications (your own apps authenticating against the OAuth server). The post ends with a brief mention of creating access tokens manually, but points out that thing functionality should probably only be used during testing.

tagged: laravel passport oauth2 grant types password thirdparty server

Link: https://laravel-news.com/2016/08/passport-grant-types/

Matt Stauffer:
Introducing Laravel Passport
Aug 01, 2016 @ 09:35:05

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

tagged: laravel passport oauth api package release vuejs client token tutorial

Link: https://mattstauffer.co/blog/introducing-laravel-passport

Sara Golemon's Blog:
The government will disavow any knowledge of your existence.
Jul 25, 2006 @ 05:35:47

If you were planning on attending the php|works conference in the fall and getting to hear Sara Golemon talk on extensions, you might just have to wait. According to her latest post, things haven't gone well with her passport situation.

So awhile ago I announced that I'd be speaking at php|works including a 3-hour workshop on extension writing. Knowing that the conference was outside of the US I made sure to apply for my passport well in advance (four months to be precise).

Well, long story short, the lovely folks at the state department must have confused 'Sara' with 'Syria' because I've been fighting them over the issuance of my passport ever since.

All is not lost, though - since the show must go on, Sara has found two people to take over her two talks (the extension talk and one on PDO_User).

tagged: passport issues phpworks2006 extension writing pdo_user passport issues phpworks2006 extension writing pdo_user

Link:

Sara Golemon's Blog:
The government will disavow any knowledge of your existence.
Jul 25, 2006 @ 05:35:47

If you were planning on attending the php|works conference in the fall and getting to hear Sara Golemon talk on extensions, you might just have to wait. According to her latest post, things haven't gone well with her passport situation.

So awhile ago I announced that I'd be speaking at php|works including a 3-hour workshop on extension writing. Knowing that the conference was outside of the US I made sure to apply for my passport well in advance (four months to be precise).

Well, long story short, the lovely folks at the state department must have confused 'Sara' with 'Syria' because I've been fighting them over the issuance of my passport ever since.

All is not lost, though - since the show must go on, Sara has found two people to take over her two talks (the extension talk and one on PDO_User).

tagged: passport issues phpworks2006 extension writing pdo_user passport issues phpworks2006 extension writing pdo_user

Link: