One of my clients has a special requirement for his Laravel app. The scenario is as follows:
The Laravel app is basically a support messenger app for a certain industry. Now the manufacturer of a Windows software product in the same industry has approached my client, and they would want to include it in their software.
So what they want is to make a button that opens the browser with our messenger. But to make it easier, they want the user of the software to not have to log in every time they click the button.
So you log in the first time, and after that it just logs you in automatically (maybe with a login every x months or something like that for security).
Now I'm thinking about how to approach this, because I have no big idea about Windows (or Mac) applications and what they can / can't do while interacting with the browser.
Would OAuth and Passport be a valid direction to go?
Yes, Passport API Authentication is surely a valid direction to go.
You can even manually add an api_token field to the users table, and once logged in through a browser, that API token gets generated.
Store the api_token in the Local Storage of your browser and check this api_token against the database api_token every time you open the application through that browser.
Now you don't have to login again through that browser.
But in that case the whole "login logic" depends on the browser. Is it possible somehow to log in automatically by passing a token through the URL (the users in the Windows application have a unique ID, so I could use that easily combined with the API key from Passport to identify a user), or would I have to write that logic myself? Or is that impossible altogether?
Unfortunately I also haven't used Passport yet, so it's a great opportunity to learn a lot of new stuff. ;-)
Firstly, the Windows software is going to open your Laravel app in a browser, so there is no concept of Passport required here (unless you are using a front-end framework like AngularJS and a Laravel backend for the messenger app), because the browser is going to use the native Laravel auth system. So all you have to do is ask the Windows software developer to encrypt the user email and send it along with the Laravel app link on the button click. Example
I actually am using AngularJS, but so far it's only using normal authentication, not API authentication yet (which is planned for the future).
Your suggestion is something I have pondered, but I wasn't sure about the security implications. This solution will probably be used for multiple partners (so multiple software products), and it seems wrong to use the same secret key for all of them - that's why I had the idea of using a combination of OAuth and the unique ID from the software.
Yes, it depends on how much user data you have in the software. However, the flow explained above is the solution; just implement better security in terms of encryption.
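As an added example (not code from the thread, and not Laravel's own API), here is the flow from the second answer with the per-partner key the follow-up asks for: each partner signs a short-lived login link with its own HMAC secret, and the Laravel side checks the signature, expiry and a replay nonce before it would ever call Auth::login. The partner ids, secrets, field names and the `?t=` parameter are assumed placeholders.

```php
<?php
// Added example, not from the thread. Per-partner HMAC login links: each Windows
// software vendor gets its own secret; the link carries partner id, the vendor's
// user id, an expiry and a nonce, and the Laravel side verifies before logging in.
// The keys below are constructed placeholders; use 32 random bytes per partner.

const PARTNER_KEYS = [
    'partner-a' => 'PLACEHOLDER-secret-for-partner-a',
    'partner-b' => 'PLACEHOLDER-secret-for-partner-b',
];
const TOKEN_TTL = 300; // seconds a link stays valid

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64urlDecode(string $s) {
    return base64_decode(strtr($s, '-_', '+/'), true); // false on bad input
}

// Partner side: builds the URL the button in the Windows software opens.
function makeLoginUrl(string $base, string $partner, string $uid, int $now): string {
    $body = b64url(json_encode([
        'p' => $partner, 'u' => $uid, 'exp' => $now + TOKEN_TTL, 'n' => bin2hex(random_bytes(8)),
    ]));
    $sig = b64url(hash_hmac('sha256', $body, PARTNER_KEYS[$partner], true));
    return $base . '?t=' . $body . '.' . $sig;
}

// Laravel side (e.g. in the route that handles ?t=): returns [partner, uid] for a
// valid, unexpired, unseen token, otherwise null. The caller then maps that pair
// to a local user and calls Auth::login($user); an unknown mapping must not auto-create.
function verifyToken(string $token, int $now, array &$seenNonces): ?array {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) return null;
    [$body, $sig] = $parts;
    $json = b64urlDecode($body);
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data) || !isset($data['p'], $data['u'], $data['exp'], $data['n'])) return null;
    $key = PARTNER_KEYS[$data['p']] ?? null;        // unknown partner: reject
    if ($key === null) return null;
    $expected = b64url(hash_hmac('sha256', $body, $key, true));
    if (!hash_equals($expected, $sig)) return null;  // constant-time compare before trusting any field
    if ($now > (int) $data['exp']) return null;      // expired link
    if (isset($seenNonces[$data['n']])) return null; // replayed link
    $seenNonces[$data['n']] = true;                  // in Laravel: Cache::add($nonce, true, TOKEN_TTL)
    return [(string) $data['p'], (string) $data['u']];
}
```

A partner calls makeLoginUrl() when building the button target; the Laravel route receiving `?t=` calls verifyToken() and only on a non-null result looks up the user already mapped to that partner/uid pair, so a leaked or guessed link for an unmapped id logs nobody in.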