Jeyziii's avatar

Authenticate users by consuming an external JSON API endpoint from server side.

Incoming credentials must be validated on the server side by consuming the API. I already get a successful response, but it does not redirect me to the index, or I get a successful response but I do not get authenticated, so it redirects me back to the login page because I use middleware('auth') on the index page. This is my first time working with an API, so I am not sure what to do. Do I still need to use a database here?

AuthController:

    public function signin(Request $request)
    {
        $request->validate([
            'username' => 'required',
            'password' => 'required',
        ]);

        $credentials = $request->only('username', 'password');

        $response = Http::post('url cannot be displayed', $credentials);

        if ($response->successful()) {
            return redirect()->route('index');
        } else {
            return back()->with('error', 'Invalid username or password');
        }
    }

web.php

Route::get('/', [IndexController::class, 'index'])->middleware('auth')->name('index');
Route::get('/account/login', [AuthController::class, 'login'])->name('login');
Route::post('/account/login', [AuthController::class, 'signin'])->name('signin');
0 likes
4 replies
josecameselle's avatar

In your current implementation, it appears that you are only checking for a successful response from the API and then redirecting the user to the index page. However, you may need to take additional steps to properly authenticate the user and update their session or cookie information.

Using a database could be helpful in managing user authentication and session information. You could store user information and authentication status in the database and retrieve it when needed. This would allow you to properly manage user sessions and ensure that authenticated users are correctly redirected to the index page.

1 like
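
One way to do the step the reply above describes, as an added example that is not part of the original thread: after the external API accepts the credentials, log a local user into Laravel's session guard so that middleware('auth') recognizes the request. It assumes the default Eloquent user provider, a `users` table whose only required columns are a unique `username` and `password`, and a hypothetical config key `services.auth_api.url` standing in for the endpoint the thread does not show.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Str;

class AuthController extends Controller
{
    public function signin(Request $request)
    {
        $credentials = $request->validate([
            'username' => 'required|string',
            'password' => 'required|string',
        ]);

        // Hypothetical config key: the real endpoint is not shown in the thread.
        $response = Http::timeout(5)->post(config('services.auth_api.url'), $credentials);

        if (! $response->successful()) {
            return back()->with('error', 'Invalid username or password');
        }

        // Assumption: users has a unique `username` column and no other required fields.
        // The row only identifies the account locally; the submitted password is never stored.
        $user = User::where('username', $credentials['username'])->first();
        if (! $user) {
            $user = new User();
            $user->username = $credentials['username'];
            $user->password = Hash::make(Str::random(40)); // random, unusable for local login
            $user->save();
        }

        // The step the original controller lacks: mark the session as authenticated.
        Auth::login($user);

        // Issue a new session ID after login to prevent session fixation.
        $request->session()->regenerate();

        return redirect()->intended(route('index'));
    }
}
```

The external API stays the only place where the password is checked; the local row exists so the session guard has a user to attach to the session.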
Jeyziii's avatar

@josecameselle I just wanted to clarify that the "Incoming credentials must be validated on the server side by consuming the API" does not prohibit me from using a database? Because, in my understanding, the server will check and validate itself. Enlighten me please, TIA.
