Level 122
How will the third party authenticate themselves?
Sep 20, 2019
3
Level 4
API Integration & CSRF
Hey Everyone, I have a requirement for a 3rd party to integrate into our laravel app for new user sign-ups sourced from the 3rd party. For users that sign up direct our app users standard laravel auth with CSRF protection etc.
How would you recommend best meeting this requirement? One option we have identified is to create an api on a dedicated new route for the 3rd party to post signup requests to. Then use https://laravel.com/docs/5.8/csrf#csrf-excluding-uris to address the fact the 3rd party will not have a CSRF token.
What are you thoughts on this solution route? Would you recommend any alternate solutions?
Level 4
good question! i think i need some form of mechanism to establish the post request is really coming from that 3rd party, rather than having a route open to anyone to potentially post to. Do you have any recomendations on architecting this?
Level 4
could laravel passport perhaps be part of the solution?
1 like
Please or to participate in this conversation.