What is a RESTful backend service

Lumen - no token-based authentication? - php, Laravel, Lumen

This is my first time trying to use Lumen to create a RESTful backend service.

I'm used to working with Laravel, but I'm already bogged down with Lumen authentication. I can't find any tutorials on this.

I'm not even sure my logic is safe for that. Basically, I receive a post request that contains an email and a password, then I want to check whether the information is correct, etc. and authenticate the user.

I feel like I'm missing something. Is this something that is included by default or do I have to rewrite the auth service?


0 for the answer № 1

It seems to be in the documentation you linked.

The class is passed to this function. You would need to get the email and password out and check that they are valid.

Not sure how best to do this with Lumen or how much is available. To make that easy, you can just do the following:

Remember, Lumen does not support session state. You will need to enter the email address and password for each request. Once it's set up, all you have to do in Lumen is to use the functions the user can take.

You can also use jwt-auth, which uses JSON Web Tokens, which also makes it pretty easy and allows you not to divulge emails and passwords.


0 for the answer № 2

For anyone who comes across this problem. Here's how I solved it:

In the AuthServiceProvider (boot method), check whether an authorization header is available. If there is one, it should contain an apiToken that you can use to review and continue normal flow.

If there is no authorization header, you will be able to search the request variable for an email and password. Confirm the registration and, if successful, save a new apiToken. I returned this token to the front end and created a function that would handle all Ajax requests to include this token in the header. I also implemented a function that processes every response in my front end application looking for a 401, in which case it redirects to the login page.

With this approach, you can use either authentication method and Auth::user() is available in your application. Just make sure that the login page is not treated with the auth middleware!
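A sketch of the boot-method flow described in answer 2, added here as an example and not the answerer's own code. It assumes Eloquent is enabled, a user model at App\User with email and password columns, a hypothetical api_token_hash column, and a hypothetical issued_api_token request attribute that the login route reads to return the new token to the front end.

```php
<?php

namespace App\Providers;

use App\User; // assumed model location
use Illuminate\Http\Request;
use Illuminate\Support\ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Lumen's request guard: the callback returns a user, or null for "unauthenticated".
        $this->app['auth']->viaRequest('api', function (Request $request) {
            // 1. Token path: "Authorization: Bearer <token>".
            $token = $request->bearerToken();
            if ($token) {
                // Only a SHA-256 digest of the token is stored (assumed column),
                // so a leaked users table does not contain usable tokens.
                return User::where('api_token_hash', hash('sha256', $token))->first();
            }

            // 2. Credential path: POST only, so secrets never travel in URLs or access logs.
            if (! $request->isMethod('post')) {
                return null;
            }
            $email = $request->input('email');
            $password = $request->input('password');
            if (! is_string($email) || ! is_string($password)) {
                return null;
            }

            $user = User::where('email', $email)->first();
            // Verify against the stored password hash; never compare plaintext.
            if ($user === null || ! app('hash')->check($password, $user->password)) {
                return null;
            }

            // 3. Issue a fresh random token, persist its digest, and expose the
            //    plaintext once through a request attribute (hypothetical name).
            $plain = bin2hex(random_bytes(32));
            $user->forceFill(['api_token_hash' => hash('sha256', $plain)])->save();
            $request->attributes->set('issued_api_token', $plain);

            return $user;
        });
    }
}
```

Because every successful credential check replaces the stored digest, a new login invalidates the previous token; keep one row per token in a separate table if several devices must stay signed in.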