I am using sentinel by Ryan Durham https://github.com/rydurham/Sentinel with Laravel 5.1.
I used to use Confide https://github.com/Zizaco/confide with Larvel 4.2.
With Confide I was able to add an auth to any route like this
// Applies auth filter to the routes within orders/
Route::when('orders/*', 'auth');
I've searched through Sentinel documentation for this feature but I cannot find out how to get this done. I can put an auth for say admin or user in the construct of a controller, but I need to have specific auth abilities on specific routes.
My question is, how can I redirect a user who goes to a route only for admin using rydurham sentinel in a clean fashion the same as Confide?
You should use sentinel middlewares on routes. Something like
Route::get('orders', ['middleware' => 'sentry.admin', function () {
// return view;
}]);
Related
I had created a project before now and want to make API of it also I had a default laravel auth login module too now wants to generate sanctum auth for APIs but 2 auth running I guess.
pic shows working sanctum which I created for api
"account-settings", route in middleware not getting access but redirecting to "/login" page as shown in response, below I am providing api.php code too
In the pic this commit code // Route::group(['middleware' => ['auth', 'roles'],'roles' => ['admin','user','developer']], function () { is default laravel auth which have i commited in trying to make code working
I am want to build an app which has a static frontend ( target: 'static' in nuxt.config.js ), and a backend using ktor. The app will need to authenticate users but I do not want to manage passwords and things myself, so I would like to integrate with AWS Cognito. Based on my understanding, I think this is the workflow I want:
User is browsing the site anonymously (no login)
They do some action which requires login or explicitly click on login button.
User gets redirected to AWS Cognito ui for login. They may register for new account, login with their existing, or login using another provider (after configuring cognito for it).
Cognito ui redirects user back to the app ui but with JWT tokens in query params (I think this is just how cognito does it)
The JWT token (s?) get stored in vuex store / nuxt auth
The token is used when making requests to the backend. As well as showing some additional components / actions if the user is authenticated and their basic info like username (part of jwt?)
I think I have cognito and the ktor backend setup correctly but I don't know how to get started for the frontend.
The nuxt auth module guide says to set up middleware, but afaik middleware is only for server side rendered apps.
I need to activate the vuex store but I don't know what to put there. Are there some specific things the auth module expects or do I just create an empty file in the directory?
How do I tell it when to redirect or read the token from query param?
How to parse the JWT token (if it doesn't automatically) and get some payload info like username from it?
Does the axios module get configured automatically to make use of this?
I found this old github issue 195 in the auth module repo, but I believe that's for when the "login form"/ui is part of the nuxt app and client is making use of the cognito api without 'redirect'.
Unfortunately everything in this stack is new for me so any help is appreciated. If there is already a project doing something similar, I look at the code and try to figure it out but right now I'm lost.
update 2020-12-31, mainly so that I can put a bounty on this soon: The live demo at https://auth0.nuxtjs.org/ seems to be doing what i'm looking for but then the github page read me shows something else https://github.com/nuxt/example-auth0. Also i don't see middleware / plugins used anywhere. it's all mostly configured through nuxt config, so it only works for the auth0 custom provider?
I was having the same issue as you:
How do I tell it when to redirect or read the token from query param?
I solved this by configuring auth.redirect.callback to match the endpoint that cognito will callback with the token. I believe this will tell the middleware when to look for a new token in the query param.
nuxt.config.js:
auth: {
redirect: {
callback: '/signin',
...
},
strategies: {
awsCognito: {
redirectUri: "http://localhost:8080/signin",
...
}
}
}
And to answer your other questions:
The nuxt auth module guide says to set up middleware, but afaik middleware is only for server side rendered apps.
I tried this setup with ssr: false and it still works fine.
I need to activate the vuex store but I don't know what to put there. Are there some specific things the auth module expects or do I just create an empty file in the directory?
An empty index.js file is fine.
How do I tell it when to redirect or read the token from query param?
See first answer above.
How to parse the JWT token (if it doesn't automatically) and get some payload info like username from it?
From my initial testing I found that the middleware will automatically call the userInfo endpoint when user data is requested e.g. this.$auth.user.email
strategies: {
awsCognito: {
scheme: "oauth2",
endpoints: {
userInfo: "https://x.amazoncognito.com/oauth2/userInfo",
ref: https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html
Does the axios module get configured automatically to make use of this?
Yes.
I am using Laravel 6 and in the controller store method, Auth::user() returns null even when the user is logged in but works in blade template. I have gone through similar questions but nothing is working.
I am posting to an API route and I am not sure whether this is the reason. Kindly assist.
If you have not adjusted the api web group or the RouteServiceProvider that comes with the default application you will not have any session support in your API routes (routes/api.php). The APIs are usually stateless so no session support. If you want to deal with authentication using the built in authentication system you would want to deal with a token based system. The default api guard that is setup for you will use the TokenGuard which will look in the request for a token being passed to authenticate the user against. You would need to assign the middleware auth with the parameter api, to specify the api guard, auth:api.
If you send a request correctly to one of these end points now, including the token, you will have a user returned from Auth::user() or $request->user() etc.
Laravel 6.x Docs - API Authentication - Passing Tokens in Requests
Laravel 6.x Docs - API Authentication - Protected Routes auth:api
Pleease read the whole section for a better understanding of using this type of Guard with the built in Authentication system:
Laravel 6.x Docs - API Authentication
If you don't want to deal with a "stateless" API, and you would rather use sessions you can just move your API routes to the web.php file and prefix them with api.
I have the following scenario:
Rails app with User and Admin devise models, so I have two scopes.
Created on ember app on router:
Router.map(function() {
this.route('panel', function() {
this.route('login');
this.route('logout');
});
this.route('admin', function() {
this.route('login');
this.route('logout');
});
});
I'm using jj-abrams branch once my app is Ember 2.0
Both authenticating on /users/sign_in and /admins/sign_in
I followed steps on https://github.com/simplabs/ember-simple-auth/tree/master/packages/ember-simple-auth-devise#server-side-setup and authentication is working.
Ember is hitting the right urls after creating authenticators and adapters, but the problem is that ESA just have one session service. Once user or admin is logged in session.isAuthenticated is true and I don't know which scopes are logged in.
Which is the best way to proceed:
Add a role on user reply and set on session
Create a new session for admin user
I solved this problema creating 3 authenticators for each scope, and I handle each one.
It is a particular solution once I don't use other authenticators (OAuth2), but now I can check if authenticator:user, authenticator:admin, authenticator:manager was used on to login.
I have created checks on routes, so user can only access his panel, admin can access user and admin panel, and manager can access the whole system.
I've posted the ember and the API on github:
https://github.com/fernandes/ember-auth-web for the ember
https://github.com/fernandes/ember-auth-api for the devise api
ps: I think would be better to create sessions for each scope, but I don't know how to do it (and if its better or not), in this solution you can login one scope at once (not like devise on rails you can log with many scopes at once).
I would like to let my users sign up for my laravelbased application using facebook or similar through socialite.
My users use a mobile app on their smartphones, which accesses the API of my app. Those API-routes are currently secured through the auth.basic middelware
Route::group(['prefix' => 'api/v1', 'middleware' => 'auth.basic'], function()
{
// ...
});
The app interacts with the api restfully through basic protected urls..
https://user:pass#myapp.com/api/v1/item/1
Now, how can i enable my users to access my protected api-routes, when they have registered through socialite? Is there a Package or a predefined middelware? Also, how would the URLs look like? Is it even possible to allow API calls with both, normally registered users and those being registered through socialite at the same time?
I see 2 best options in here.
Easiest is to use simple auth middleware in combination of logging in to the API at first before any other API calls
Secondly you can create custom middleware and include a token in your API call that authenticates the user. Example of such call after logging and getting token is below. Middleware gets the url param and checks if this is correct.
https://myapp.com/api/v1/item/1?token=123456