Pixelairport

Pixelairport

Member Since 4 Years Ago

Berlin

Experience Points
20,240
Total
Experience

4,760 experience to go until the next level!

In case you were wondering, you earn Laracasts experience when you:

  • Complete a lesson — 100pts
  • Create a forum thread — 50pts
  • Reply to a thread — 10pts
  • Leave a reply that is liked — 50pts
  • Receive a "Best Reply" award — 500pts
Lessons Completed
168
Lessons
Completed
Best Reply Awards
0
Best Reply
Awards
  • start your engines Created with Sketch.

    Start Your Engines

    Earned once you have completed your first Laracasts lesson.

  • first-thousand Created with Sketch.

    First Thousand

    Earned once you have earned your first 1000 experience points.

  • 1-year Created with Sketch.

    One Year Member

    Earned when you have been with Laracasts for 1 year.

  • 2-years Created with Sketch.

    Two Year Member

    Earned when you have been with Laracasts for 2 years.

  • 3-years Created with Sketch.

    Three Year Member

    Earned when you have been with Laracasts for 3 years.

  • 4-years Created with Sketch.

    Four Year Member

    Earned when you have been with Laracasts for 4 years.

  • 5-years Created with Sketch.

    Five Year Member

    Earned when you have been with Laracasts for 5 years.

  • school-in-session Created with Sketch.

    School In Session

    Earned when at least one Laracasts series has been fully completed.

  • welcome-newcomer Created with Sketch.

    Welcome To The Community

    Earned after your first post on the Laracasts forum.

  • full-time-student Created with Sketch.

    Full Time Learner

    Earned once 100 Laracasts lessons have been completed.

  • pay-it-forward Created with Sketch.

    Pay It Forward

    Earned once you receive your first "Best Reply" award on the Laracasts forum.

  • subscriber Created with Sketch.

    Subscriber

    Earned if you are a paying Laracasts subscriber.

  • lifer Created with Sketch.

    Lifer

    Earned if you have a lifetime subscription to Laracasts.

  • evangelist Created with Sketch.

    Laracasts Evangelist

    Earned if you share a link to Laracasts on social media. Please email [email protected] with your username and post URL to be awarded this badge.

  • chatty-cathy Created with Sketch.

    Chatty Cathy

    Earned once you have achieved 500 forum replies.

  • lara-veteran Created with Sketch.

    Laracasts Veteran

    Earned once your experience points passes 100,000.

  • 10k-strong Created with Sketch.

    Ten Thousand Strong

    Earned once your experience points hits 10,000.

  • lara-master Created with Sketch.

    Laracasts Master

    Earned once 1000 Laracasts lessons have been completed.

  • laracasts-tutor Created with Sketch.

    Laracasts Tutor

    Earned once your "Best Reply" award count is 100 or more.

  • laracasts-sensei Created with Sketch.

    Laracasts Sensei

    Earned once your experience points passes 1 million.

  • top-50 Created with Sketch.

    Top 50

    Earned once your experience points ranks in the top 50 of all Laracasts users.

  • community-pillar Created with Sketch.

    Community Pillar

    Earned once your experience points ranks in the top 10 of all Laracasts users.

Level 5
20,240 XP
Nov
19
2 weeks ago
Activity icon

Awarded Best Reply on Laravel Websockets Events Working, But No Data Is Send

Sorry, I dont know how to delete this. I started again in a clean application and now it works :)

Activity icon

Replied to Laravel Websockets Events Working, But No Data Is Send

Sorry, I dont know how to delete this. I started again in a clean application and now it works :)

Activity icon

Started a new Conversation Laravel Websockets Events Working, But No Data Is Send

I set up an local server for websockets. I have my vue app and another app, which sends an event. When event is send i get an output in the console of the vue app, but the data is missing. I did this tutorial https://www.youtube.com/watch?v=pIGy7-7gGXI and dont know what could it be. Here is the code from my application which sends the event.

<?php

namespace App\Events;

use Illuminate\Broadcasting\Channel;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Queue\SerializesModels;

class NewMessage implements ShouldBroadcast
{
    use Dispatchable, InteractsWithSockets, SerializesModels;

    public $message;

    /**
     * Create a new event instance.
     *
     * @return void
     */
    public function __construct($message)
    {
        $this->message = $message;
    }

    /**
     * Get the channels the event should broadcast on.
     *
     * @return \Illuminate\Broadcasting\Channel|array
     */
    public function broadcastOn()
    {
        return new Channel('blubbcng');
    }
}

And here is a snippet from my vue, which is the app who receivs the event:

<script>
export default {
    data: function (){
        return {
            etest: null
        }
    },
    created() {

    },
    mounted() {
        Echo.channel('blubbcng').listen('NewMessage', (e) => {
            console.log(e);
        })
    }
}
</script>

Console outputs only: []

Hope somebody can help and maybe sees the problem here.

Nov
13
2 weeks ago
Activity icon

Replied to Best/Cheapest Way For Sockets

Had a quick view at this. That sounds exactly like what i need. At pusher the pricing ends with 30k connections at the same time for 1,199$. And the link says 60k for 15$. That is a big difference and perfect for me I think. I will test it. Thx @sinnbeck

Activity icon

Started a new Conversation Best/Cheapest Way For Sockets

I build an app where I need to use sockets for the first time. I tested pusher.com and it would work. But it is a bit expensive. So my question is, if it is cheaper to do it maybe with something like sockets.io. Or do I then have other problems like "it crashes with too much people"? Then I would go with pusher first and switch later. Or is it really simple to do it with another tool. Or are there other tools and alternatives to pusher. I like pusher because it is simple and works good with laravel.

Nov
08
3 weeks ago
Activity icon

Commented on Component Communication Example #2: Event Dispatcher

Is this still recommended? I heard and read some posts, where people talk about that event bus like this is not recommended and can cause errors in Vue.

Nov
04
4 weeks ago
Activity icon

Awarded Best Reply on Return 500 With API To Get Error In Axios SPA

Ok. Found the problem. Everything works fine... It was just a problem with my API Gateway. I build a gateway, which consumes multiple apis and axios consumes only api gateway. When i call the orignal microservice api url I get the error. I will develope a workaround for this. But wanted to tell what the problem was.

Activity icon

Replied to Return 500 With API To Get Error In Axios SPA

Ok. Found the problem. Everything works fine... It was just a problem with my API Gateway. I build a gateway, which consumes multiple apis and axios consumes only api gateway. When i call the orignal microservice api url I get the error. I will develope a workaround for this. But wanted to tell what the problem was.

Activity icon

Replied to Return 500 With API To Get Error In Axios SPA

That is a problem. err.response.data.error is undefined, because err.response.data is a message (string):

Client error: `POST http://myapp.test/api/st…b40010.info","code":"b40010.code" (truncated...)↵", exception: "GuzzleHttp\Exception\ClientException", file: "/home/vagrant/code/sites/streamtools/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php

I will do some tests. If nothing works I think i will change the handler or maybe I get another idea. Thx for your help.

Activity icon

Replied to Return 500 With API To Get Error In Axios SPA

I dont really understand what you mean, because i will get the right error from my api. But i ask myself if it would be a good idea to change app/Exceptions/Handler and add something like:

public function render($request, Throwable $e)
    {
        if($request->isJson()){

            if ($e instanceof ClientException) {
                $message = $e->getResponse()->getBody();
                $code = $e->getCode();

                return response()->json(['error' => $message, 'code' => $code], $code);
            }
        }

        return parent::render($request, $e); // TODO: Change the autogenerated stub
    }

It works for me. Or is that not a good idea?

Activity icon

Started a new Conversation Return 500 With API To Get Error In Axios SPA

I build an API and now I want to do a delete method. I try to understand how I can return an response with a 500 for example. Here is what I mean:

return response()->json(['error' => 'Wrong post ID!', 'code' => 500], 500);

This returns an exception. The Problem is, that I want to consume it with axios. In axios I have this:

window.axios.delete('/api/posts/14').then((response) => {
  resolve(response);
}, (err) => {
  console.log(err);
  reject(err);
});

I want to get the error and the code from the array to output it in my SPA. But how can I output json? I dont want the exception as output. If I do ...

return response()->json(['error' => 'Wrong post ID!', 'code' => 500]);

... it works, but that means it is a success request.

Nov
03
1 month ago
Activity icon

Awarded Best Reply on Policy With Custom Response Not Working

It was hard to find out for me, but i have to use gate to get the information. The $this->authorize methods throws an exception. So I have to do this:

// In my controller head
use Illuminate\Support\Facades\Gate;

// In my method
$response = Gate::inspect('delete', $post);
dd($response->toArray());
Activity icon

Replied to Policy With Custom Response Not Working

It was hard to find out for me, but i have to use gate to get the information. The $this->authorize methods throws an exception. So I have to do this:

// In my controller head
use Illuminate\Support\Facades\Gate;

// In my method
$response = Gate::inspect('delete', $post);
dd($response->toArray());
Activity icon

Replied to Policy With Custom Response Not Working

Ok. It is not working. I can only return true. Everything else shows an error. If i go to HandlesAutorization Trait and do a dd() to output response, it looks fine. Also in my policy, when i output it there. But when I return the response, i get the error and not the object.

Activity icon

Replied to Policy With Custom Response Not Working

Thx for your answer. But it does not work. To keep it simple i only have now:

public function delete(User $user, Post $post)
{
  $this->deny('Does not work :(', 500);

  return true;
}

If the idea is to use deny and allow, this is also not working:

public function delete(User $user, Post $post)
{
  $this->allow('It works :)', 200);

  return true;
}

And if I do only ...

return $this->deny('Does not work :(');

I get the error I write in my first comment.

Activity icon

Started a new Conversation Policy With Custom Response Not Working

I try to understand policies. Now i got it work, but have a last problem. If the policy is true, i got an object with message, code and allowed. When it is false, I got an error like this:

{ "message": "Client error: `GET http://myapplication.test/api/post/14` resulted in a `403 Forbidden` response:\n\n\n \n \n " }, ...

This is the code im my policy.

    public function delete(User $user, Post $post)
    {
        return $user->id === $post->user_id
            ? Response::allow()
            : Response::deny('You do not own this post.');
    }

And this is how i call it to see what the policy returns:


dd($this->authorize('delete', $post));

Oct
12
1 month ago
Activity icon

Awarded Best Reply on Security For SPA

OK. I created the app now with sanctum. The vue app is in it, but has a switch. I can run laravel and the vue app runs in production mode. Then it use the cookie based auth. When I develope Im in developer mode and the app uses a bearer token i set up in env.development. That works for me. I can do the automatic reload stuff an can test everything. It seems to work. thx for your help.

Activity icon

Replied to Security For SPA

OK. I created the app now with sanctum. The vue app is in it, but has a switch. I can run laravel and the vue app runs in production mode. Then it use the cookie based auth. When I develope Im in developer mode and the app uses a bearer token i set up in env.development. That works for me. I can do the automatic reload stuff an can test everything. It seems to work. thx for your help.

Oct
10
1 month ago
Activity icon

Replied to Security For SPA

You're right. Normally I would do only some vue components and use it in my blade templates. That is what I did in the past. I also thought about using livewire. This time my app must show everything in real time (I do this with pusher), is animated and has a lot of elements you can play with. It is like a real time game. The backend has highscores for example. The thing is that you can play with iPhone, Android, Apple Watch, TV Apps. So I thougt best way to build a really good API is to build it a way, where I use the API right from the start. The problem with authentication is for me, to understand how I can be most secure. What is a workaround for example with sanctum. You can save your token forever in your app on mobile phone. But I could imagine that it is also good to delete the tokens maybe every week. Tokens with passport have a lifetime, sanctum not. But maybe it is just another security layer. I think at the beginning I go with the standard laravel gave me and when I grow or when I see the idea works I will bring in other people who make it more secure. thx

Activity icon

Replied to Security For SPA

Ok. Thx. Then i will check vue cli again and seperate them under the same tdl. Alredy tried this a few weeks before and the problem was to run both in homestead. But Thx ... I will test it again. Maybe I also give passport another chance... I had problems with it in the past. For me sanctum took the pain away. And it seems to work also for mobile apps.

Activity icon

Started a new Conversation Security For SPA

I build an app as SPA. Later there should also be a mobile app, which consume the API. I use Laravel Sanctum. My problem is that I tested now for days, what is the best workaround. Using Vue Cli and put the app into resources/app and run npm from there? Or create package.json on my own and do npm from root folder. Or is it better to build a SPA with Vue Cli sepearted and only use the API with laravel? Thats what I want to test next. But what about security then. Laravel docs says cookie based is more secure, but then it needs the same url. What is, when I save the token I got in my app? Is that not secure? I think I will delete the tokens after 3 days and maybe also create another salt every 3-4 month.... Not sure if this is a secure way. What would you say? Or what is your way for SPAs? Thx

Sep
26
2 months ago
Activity icon

Replied to Vue SPA In Laravel 8 With Homestead

Ok, I think I will do it a way, I tried to avoid and put the Vue stuff into my main project. I also found this (which I will watch tomorrow): https://laracasts.com/series/laravel-vue-and-spas ... Maybe it helps. But I have a last question. The Laravel docu says:

"For this feature, Sanctum does not use tokens of any kind. Instead, Sanctum uses Laravel's built-in cookie based session authentication services. This provides the benefits of CSRF protection, session authentication, as well as protects against leakage of the authentication credentials via XSS. Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend."

Is token based not secure? I mean when I login and save the token in vuex store... Is this not a normal way? Docu says it is more secure, but not say what is not secure, when I do it with a token.

Sep
25
2 months ago
Activity icon

Started a new Conversation Vue SPA In Laravel 8 With Homestead

I build a full API and want to consume it with Laravel Sanctum in a Vue App. I build the API first, because later there will be a mobile app. Problem is that I need the same domains for SPAs with Sanctum. In the past I did all laravel stuff on homestead and do npm serve on my normal system. Now I need both on homestead... What is the best (or normal) way to do this?

  1. Use Jetstream with Inertia? => But i dont want tailwind. And i (i think) dont need the mix of blade and Vue.
  2. Do it with npm install vue and webpack directly in Laravel
  3. Do another directory in homestad and create SPA there?
  4. ... something else?

thx

Sep
22
2 months ago
Activity icon

Awarded Best Reply on How To Valdiate The Right Way?

I just found this https://laracasts.com/series/guest-spotlight/episodes/11 ... I will test it . I think this is what I was looking for.

Activity icon

Replied to How To Valdiate The Right Way?

I just found this https://laracasts.com/series/guest-spotlight/episodes/11 ... I will test it . I think this is what I was looking for.

Activity icon

Started a new Conversation How To Valdiate The Right Way?

I used to use Cartalyst Platform (Laravel Components), which has a validation trait used in the repositories. Now i switched to laravel and read that I dont should use validation in repositories. I also have to find another way to validate forms and user inputs. I did a FormRequest file and load it as closure in my controller. But I dont like that it throws the error. I want to handle the error by my own. If I have errors I want to redirect the user or maybe track the times he did mistakes. So I think about to create a service, that I have the controller (gets the request), which calls the service (which checks the request), which calls the repository (which does database stuff when rest is ok). Is that the right way for me? When I understand all right, I cant use this Form Requests. I just create the Service File, which has a function (e.g. "CreatePost"), which checks everything. Is that right?

Sep
13
2 months ago
Activity icon

Started a new Conversation Socialite Security Problems

Maybe I'm to scared of doing something wrong in my system. But I started with socialite and now i created a database, which connects the social login providers and provider ids to the user. Now I ask myself, if it is a normal workaround to connect multiple social accounts to one user. For example a user can login with github and facebook. And what about security. For example a user created an account with his email address. Now he is logged out and clicks login with facebook. Should i take the facebook email and look if there is a user in database with the email and connect this? Im not sure if this could end in security problems. How do you solve this? Hope someone has an idea.

Sep
12
2 months ago
Activity icon

Started a new Conversation How To Store User In Laravel After Socialite Login

I started with Laravel 8 and Socialite. It works and i also get my data with the callback. I have one question... Do I have to implement the rest by myself. I mean that the user is stored to database? I started to create a package for this, but did I miss something? Or does socialite not have the opportunity to do this? I mean when I have laravel and the user could login with facebook for example, he also did things on my system and i need the user and user id. Thats why I also need a user, didn't I? In the package i start creating there is a database with "user_id", "provider", "provider_user_id", which will be cecked after oauth login. If there is no user, a new one is created. Would this be right?

Aug
28
3 months ago
Activity icon

Replied to Workaround Vue Login Into Laravel Backend

Ok. I hope I did it right... My Vue/Nuxt App redirects to my Laravel app after click on button "Login with twitch". Then user is redirected to twitch and log in. After login user is redirected to nuxt app (i had to setup the callback urls). Then in my nuxt app I have a code and state which I can use to login the user via api at my backend. Hope this is right and secure?

Activity icon

Started a new Conversation Workaround Vue Login Into Laravel Backend

Ok. I have some similar questions here on laracasts, and everything is solved now. But now I'm not sure if this is the right way. I just want to login with a mobile vue app into my backend. Users only can login with their twitch account. In the past i did the login only with laravel, which works already. Now i use vue with nuxt and already have a working login into twitch. I got an access_token back. But when i understand this right, i need an access token from my app. I did the login direct from app to twitch. Is this correct? I mean should i redirect the user to may backend and then to twitch after click the button in my app? But then the user is redirected to my backend url. If not there is a warning at twitch that it is insecure from now, because the callback url is another url... Im just confused which is the right way to do the login... I would say the best thing would be, that i dont leave the app (frontend) to redirect to backend and then to twitch. I would prefer to do it direct from app to twitch. Like it works now. But now i only have the access token. But i also need to login into my bakcend. I want to do it via api. So i need the code and state to do it via api...

Or is there a way to redirect back from the backend to the mobile app? I have no idea how. How can i redirect from an url direct into a mobile app? Would this be the right way?

Aug
25
3 months ago
Activity icon

Awarded Best Reply on Understanding Twitch Login With Vue And Laravel

Ok. I did another post in nuxt forum. I think it is better to ask there. https://forum.vuejs.org/t/strategy-problem-with-nuxt-auth-and-twitch/102254

Activity icon

Replied to Understanding Twitch Login With Vue And Laravel

Ok. I did another post in nuxt forum. I think it is better to ask there. https://forum.vuejs.org/t/strategy-problem-with-nuxt-auth-and-twitch/102254

Activity icon

Replied to Understanding Twitch Login With Vue And Laravel

I have now a nuxt app with a login button. This button redirects to my backendservice, which redirects to twitch and back and then again redirects to my nuxt app. But it seems too much redirects for me... Or is that a possible way? Im logged in. But is that also working when i have a mobile app compiled from my nuxt... Can I say: "Redirect to app instead of an url? Or is the mobile app open an browser in an overlay which can be closed after registering?"

Activity icon

Started a new Conversation Understanding Twitch Login With Vue And Laravel

As my title says i build an app with laravel for backend and a vue app (frontend). The user should login with his twitch account. But I ask myself, what is the right workaround. I use cartalyst platform (laravel packages), which include a simple one-click solution to login with twitch on a laravel page. Does the user now have to login with the Vue App and then i create the User in the laravel backend via API? The Vue App should be compiled to a mobile app in the end.

I started now with nuxt and nuxt auth. But is it right to do the login with vue and twitch and then check via api if user exists in backend, and if not create the user.

Or should I do something else? I also have to use passport. But this is only to read something like, how many users are in the app or show latest streams and so on... I mean things which are not directly connected to the user and should be public. The user things must have an login... and im just not sure... should i login like i said or should i login against my backend and the backend redirects the user or does the rest? Im so confused and dont want to start in a wrong way.

Jul
19
4 months ago
Activity icon

Replied to How To Host Microservices

Ok. I watched an online course now for lumen. Now i know how microservice will act together. Last question is how to host the stuff. I think i will test AWS. Im just scared everytime, because I dont know what it will cost in the end. But i think it is the best solution and I just have to test it.

Activity icon

Started a new Conversation How To Host Microservices

Hi. I used Laravel and Cartalyst Platform for a few years. I have an idea for a service, which has a lot of traffic and data if it will work. Till now my applications are small ones. This is why I think about do microservices and use lumen. Or is it wrong to do it that way? If it works I have millions of users, which play a game and collect points. All points are collected and not merged to show statistics for every user (Monday: 400 Points, Tuesday: 240 Points, ...).

I decided to ask here, before I start and someone will tell me in a few weeks that I was wrong. I just want to know if I'm on the right way. Is lumen good for this? I plan to have a main service, where users can login (gateway) and a score service, where the points are collected. Where can I host this when I'm finished? Can I start with a normal Webhosting Provider? I need the simplest and most fast way. I'm a person, who uses other services instead of building things like Algolia (Databases) or Pusher (Sockets). I saw there is a tool called Vapor at laravel, but it seems it is not for Lumen. Just for Laravel. My main problem is, that I want to be flexible if it will scale fast. It is also important that the database can scale. If i really have million users one day and every user has multiple point he is getting every day, there will be millions of database entries every day. I have to ask because I never had a project like that.

Hope you can give me some help. Thx.

Jul
02
5 months ago
Activity icon

Replied to LoginAs With Dusk And Cartalyst (_dusk/login/1 Is Empty)

Ok. I found out a little bit more. When i put dd('hello') into the login function in my UserController i see the hello when i visit the url in chrome, but i did not see it when i use php artisan dusk. This shows me:

Jul
01
5 months ago
Activity icon

Started a new Conversation LoginAs With Dusk And Cartalyst (_dusk/login/1 Is Empty)

Hi. I want to use the $browser->loginAs method, but I use Cartalyst Platform. When I call 'https://myurl.test/_dusk/login/1' in my browser, I got an empty page... is that normal? Also testing does not work.

When I do:

$browser->loginAs(1)->assertAuthenticated();

I got an error: The user is not authenticated. Failed asserting that a NULL is not empty.

I uploaded the code at: https://github.com/Pixelairport/platform-dusk Maybe someone of you also use Cartalyst Platform or can help me. But I think the main problem is that the page is empty when I call _dusk/login/1. Thx

Jun
28
5 months ago
Activity icon

Replied to Using ActingAs() Method With Sentinel

did you find a solution? i have the same problem because i want to write a test as sentinel user and want to use actingAs().

Activity icon

Awarded Best Reply on Get Route In Feature Test

Ok. It works now... there was a bug in an extension i use, which scaffold extensions... it was fixed... Now everything works like expected.

Activity icon

Replied to Get Route In Feature Test

Ok. It works now... there was a bug in an extension i use, which scaffold extensions... it was fixed... Now everything works like expected.

Jun
26
5 months ago
Activity icon

Replied to Get Route In Feature Test

Ok. I'm on the right way. I thought it should work, but it did not. I got:

  at vendor/laravel/framework/src/Illuminate/Routing/UrlGenerator.php:420
    416|         if (! is_null($route = $this->routes->getByName($name))) {
    417|             return $this->toRoute($route, $parameters, $absolute);
    418|         }
    419| 
  > 420|         throw new RouteNotFoundException("Route [{$name}] not defined.");
    421|     }
    422| 
    423|     /**
    424|      * Get the URL for a given route instance.

      +1 vendor frames 
  2   tests/Feature/CheckPagesTest.php:17

I created a really simple route now (the route name exist), without any special chars or grouping it. Really simple... and there is still the same problem. I can use $this->get('en/imprint'); but cant use $this->get(route('en.page.imprint'));

Activity icon

Started a new Conversation Get Route In Feature Test

I started with testing and found a lot of examples with:

$response = $this->get('/');

But is it also possible to do something like this:

$response = $this->route('page.en.cart');

or

$response = $this->get(route('page.en.cart'));

Because nothing works... Maybe it is a bad idea, but I'm a testing beginner, and this would sound better than use path/url for me. Am I wrong?

Jun
23
5 months ago
Activity icon

Replied to Laravel 7 Testing With Codeception Or PHPUnit/Dusk

Ok. Thx. ... I will test phpunit/dusk in laravel today.

Activity icon

Started a new Conversation Laravel 7 Testing With Codeception Or PHPUnit/Dusk

Hi. Laravel 7 has Dusk, PHPUnit, and a lot for testing applications. I want to beginn with testing... just to understand... do i still need codeception or is laravavel already have everything out of the box. I want to have the easiest way to start...

Jun
16
5 months ago
Activity icon

Started a new Conversation Do I Use The Right Middleware

Hi. I just want to ask, that I can be sure to be secure. I build a nuxt app with nuxt auth and axios. I also use passport and laravel. I found out how to connect everything and login/autorize the app. I ask myself, why there were so many websites, which said I should use middleware 'auth:api' to secure my api. Because this doesn't work. I now use client after i did this in kernel.php:

'client' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,

I just want to ask, if this is right... I hope so, because the whole process took me almost 2 full days... :/

Activity icon

Awarded Best Reply on Passport/Nuxt: Help Me To Understand The Connection With PKCE

Now it works. Sorry... I have done it like the documentation said. And i created a value in the table oauth_clients. But I thought the whole time, that the user_id in this table is for a single user. But it seems it is the user, who created this secret. I missunderstand this. So I can go on and use this secret and id for every single user. The field user_id in the other tables for access tokens are the users who are using the token... it is a bit hard, when you try to understand the whole process the first time... but it seems it works. thx

Activity icon

Replied to Passport/Nuxt: Help Me To Understand The Connection With PKCE

Now it works. Sorry... I have done it like the documentation said. And i created a value in the table oauth_clients. But I thought the whole time, that the user_id in this table is for a single user. But it seems it is the user, who created this secret. I missunderstand this. So I can go on and use this secret and id for every single user. The field user_id in the other tables for access tokens are the users who are using the token... it is a bit hard, when you try to understand the whole process the first time... but it seems it works. thx

Activity icon

Replied to Passport/Nuxt: Help Me To Understand The Connection With PKCE

Ok also this site says (https://auth0.com/docs/api-auth/which-oauth-flow-to-use) i have to choose PKCE. That means I think it is ok to redirect user to another page and do the login there instead of sending the credentials from the page. But then there is still question nr 2. When I create a client id there is also set the user id in the database of laravel. This also gives me the id (client id) and secret, which I should use in the native app. But how can the native app know about the client id and secret, when the user is not logged in? ... Sorry. I just dont understand how this should work... i know it will... but i dont understand it.

Jun
15
5 months ago
Activity icon

Started a new Conversation Passport/Nuxt: Help Me To Understand The Connection With PKCE

Hi. I had a similar thread, where I got a helpful link https://oauth2.thephpleague.com/authorization-server/which-grant/ where I found out that I have to use PKCE to login users. I build a Nuxt App (which will be compiled later to mobile app) and a Larave backend. I have two problems I dont understand.

  1. Is that a normal way that the user is redirected out of the app to a homepage of the backend to login? I think i saw this at google apps. But there are also other apps, where i type in user and password into the app and send the credentials away and get response. Or is this a bit insecure?

  2. I use nuxt auth to login users. And when i use it with passport (pkce) I should send also cliend id and client secret. But I dont understand this... because I develope the app and host it. So how can i know, before user is logged in, the client id of this user? Hopy you know what i mean. In the nuxt.config.js I have to place this:

auth: {
    strategies: {
      'laravel.passport': {
        url: 'https://streamtools.test',
        client_id: '4',
        client_secret: 'kdjenJehd83ndnvbdHGDJhfkseu32hX'
      },
    },
    redirect: {
      callback: '/callback'
    }
  },

But then it is client id 4 ... what if another user login? Do I maybe just need another grant token system as PKCE? I used the Password Grant token before, but read that this is maybe a bit insecure... Sorry. This problem took me a few days now... Hope somebody can help.