AfroDemo's avatar

Consuming APIs for authentication in Laravel auth

Hello fellow artisans,

As I am trying to authenticate users using my own APIs with Laravel, I find it difficult, and I don't see where I did it wrong.

```php
public function store(LoginRequest $request): RedirectResponse
{
    $credentials = $request->only('email', 'password');
    $response = $this->authApiService->login($credentials);

    if ($response->successful() && $response->json('status') === 'success') {
        $apiResponse = $response->json('data');
        $token = $apiResponse['token'];
        $userData = $apiResponse['user'];

        // Optionally store user data in session if needed
        Session::put('api_token', $token);
        Session::put('user', $userData);

        $request->session()->regenerate();

        // Manually log in the user without creating/updating in local database
        // (loginUsingId() resolves the ID through the configured user provider
        // and returns false when that provider finds no matching user)
        Auth::loginUsingId($userData['id']);

        // Check if the email is verified
        if (is_null($userData['verified_at'])) {
            // Redirect to the email verification notice page
            return redirect()->route('verification.notice')->with('message', 'Please verify your email address.');
        }

        return redirect()->intended(route('dashboard', absolute: false));
    }

    return back()->withErrors([
        'email' => 'The provided credentials do not match our records.',
    ]);
}
```
0 likes
5 replies
AfroDemo's avatar

@Tray2 I have a community that will be using the same members, so I came up with the idea of having APIs for all users, so they can log in to different sites that are made by our community.

AfroDemo's avatar

@Tray2 Thanks, but I came to realize the way I thought to make it work was wrong. After following up on how Socialite works, I came to know it is not practical to authenticate users on the fly without saving any of their data on my app server.

As I was going through it, they at least save the user ID and G id and other info if needed, but for me, I was trying not to save any info from the API but still wanted to auth the user.

Tray2's avatar

@AfroDemo You could probably go with JWT, but that would require two API calls: one to get the JWT, and one to do the actual call.

https://jwt.io/
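
If the login API returns a JWT as suggested above, each consuming site has to check the token's algorithm, signature and expiry before trusting the user data inside it. The following is an added example, not code from the thread; it assumes HS256 with a shared secret and `sub`/`exp` claims, and the function names, secret and tokens are hypothetical.

```php
<?php
function b64url_decode(string $s): string|false
{
    $pad = (4 - strlen($s) % 4) % 4;
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', $pad), true);
}
function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

/** Returns the claims if algorithm, signature and expiry check out, else null. */
function verify_jwt_hs256(string $jwt, string $secret, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $sig] = $parts;

    // Pin the algorithm on the verifier side; the token must not choose it.
    $header = json_decode((string) b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }

    // Recompute the MAC over "header.payload" and compare in constant time.
    $given = b64url_decode($sig);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) {
        return null;
    }

    // Only now read the claims; require a subject and an unexpired token.
    $claims = json_decode((string) b64url_decode($p), true);
    $exp = is_array($claims) ? ($claims['exp'] ?? null) : null;
    return (is_int($exp) && $exp > $now && isset($claims['sub'])) ? $claims : null;
}

// Constructed demo (assumption): mint() stands in for the auth API's token issuer.
function mint(array $claims, string $secret): string
{
    $signing = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.' . b64url_encode(json_encode($claims));
    return $signing . '.' . b64url_encode(hash_hmac('sha256', $signing, $secret, true));
}
$secret = 'constructed-demo-secret';
$good = mint(['sub' => '42', 'exp' => time() + 300], $secret);
$badSig = mint(['sub' => '1', 'exp' => time() + 300], 'wrong-secret');
var_dump(verify_jwt_hs256($good, $secret, time()), verify_jwt_hs256($badSig, $secret, time()));
```

With several consuming sites, a shared HMAC secret lets any one of them mint tokens; an asymmetric algorithm such as RS256 lets the sites verify with only the public key.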
