jwhm's avatar
Level 1

Fortify: Authenticate using API JSON Response

I am using Fortify to validate a user via an API, which returns a JSON array of user data.

{
    "userid": "1",
    "twoFactorEnabled": "false",
    "name": "Test User"
}

Here is what I am doing within the authenticate using method within Fortify Boot.

Fortify::authenticateUsing(function (Request $request) {
    if($api->validate($request->username, $request->passwprd)) {
        return $api->find($request->username);
    }
});

I am doing the above to validate whether or not the username, and password is correct.

Then I am returning the above JSON array if that user is validated from the array.

However, when I do this I receive the following Error from the frontend.

Illuminate\Auth\SessionGuard::login(): Argument #1 ($user) must be of type Illuminate\Contracts\Auth\Authenticatable, array given, called in /home/-/my..io/vendor/laravel/fortify/src/Actions/AttemptToAuthenticate.php on line 80

I have got no Database access at all, this must all be done via the data response from API.

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    /**
     * The attributes that are mass assignable.
     *
     * @var string[]
     */
    protected $fillable = [
        'id',
        'twoFactorEnabled',
        'name'
    ];
}
0 likes
20 replies
jwhm's avatar
Level 1

@vincent15000

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    /**
     * The attributes that are mass assignable.
     *
     * @var string[]
     */
    protected $fillable = [
        'id',
        'twoFactorEnabled',
        'name'
    ];
}
jwhm's avatar
Level 1

@jlrdw No, it's an application built in Laravel; however, the database and user system are API based.

1 like
jwhm's avatar
Level 1

@jlrdw + It cannot be built in VueJS or any JS framework, as our employer (UK Bank) has deemed JS too security vulnerable.

1 like
jlrdw's avatar

@jwhm you will need token-based auth. If using Sanctum, see that chapter and read the differences between SPA and regular API.

You can use Guzzle or cURL; I suggest Laravel Passport.

1 like
jwhm's avatar
Level 1

@jlrdw None of those are solutions that are viable.

$api->find($request->username);

Is using Guzzle to query the user API, to find the user data associated with that user.

{
    "userid": "1",
    "twoFactorEnabled": "false",
    "name": "Test User"
}
jlrdw's avatar

@jwhm I suggest reading the chapter on Passport and viewing the Passport video, then decide how to proceed.

1 like
jwhm's avatar
Level 1

@jlrdw

I think you're missing the point of this post. I cannot use Sanctum or Passport, as they aren't applicable to what needs to be completed here.

All I am trying to do is create an auth session via Fortify's authenticate using. I cannot access the API's database, nor can I change anything about the API or the database.

I have access to only two endpoints: api.com/v1/validate(username, password), which returns their userid if successful. I then need to use the user id provided by validate to find their user data via api.com/v1/find, which all works fine.

The part I am struggling with is actually creating the Fortify session.

jlrdw's avatar

@jwhm well, you have password misspelled. You have:

$request->passwprd
jwhm's avatar
Level 1

@jlrdw I know. That's not the source of the problem.

($user) must be of type Illuminate\Contracts\Auth\Authenticatable, array given.
jlrdw's avatar

@jwhm you haven't set content type:

'content-type' => 'application/json',
'Accept' =>'application/json',

Please explain more about the API. Is it an actual API, or just a regular web application?

Have you looked at examples here: https://laravel.com/docs/8.x/http-client

jwhm's avatar
Level 1

@jlrdw Yes, it's an actual API. $api is an injected class (ApiProvider $api), which is a wrapper for a preconfigured Guzzle client. $api->validate sends a request to example.com/v1/validate{username, password}, which, if successful, returns a user_id in a JSON array. Then $api->find($user_id) will contact example.com/v1/find{user_id}, which will return the user's name, company, etc. A session then needs to be created containing that user's data, such as their name, company, etc.

jwhm's avatar
Level 1

@jlrdw The database and API aren't stored on the webserver where this application is being produced and deployed. There is NO database on the server that is accessible via this application.

The API isn't on this server, or within this Laravel installation. The ONLY way is to send a POST request to example.com/v1/validate{username, password}. Ergo, any database operations within this application WILL NOT work, as there is NO database access via this Laravel application, so all Eloquent operations WILL fail.

jlrdw's avatar

@jwhm exactly where do you get $request->username from? Where is username stored?

Where is the database you are attempting to authenticate against?

jwhm's avatar
Level 1

@jlrdw the database is behind the API I am sending requests to via $api->validate/find.

$request->username is coming from Fortify, which intercepts the $request from any POST request to /login.
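
The error quoted in the thread says SessionGuard::login() needs an Illuminate\Contracts\Auth\Authenticatable, not the array that the API wrapper returns. One way to satisfy that without a database, as an added example that is not code from any poster: a custom user provider that wraps the API response in Laravel's GenericUser. It is written against the Laravel 8 UserProvider interface that the thread links to; the App\Services\ApiProvider namespace, the attempt() method, and the return shapes of validate() and find() are assumptions.

```php
<?php
// Added example, not code from the thread. App\Services\ApiProvider and the return
// shapes of validate()/find() are assumptions based on the poster's description.
namespace App\Auth;

use App\Services\ApiProvider;
use Illuminate\Auth\GenericUser;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;

class ApiUserProvider implements UserProvider
{
    private $api;

    public function __construct(ApiProvider $api) { $this->api = $api; }

    /** Check credentials upstream; return an Authenticatable, or null on any failure. */
    public function attempt($username, $password): ?Authenticatable
    {
        if (!is_string($username) || !is_string($password)) { return null; }
        $userId = $this->api->validate($username, $password); // assumed: user id or falsy
        return $userId ? $this->retrieveById($userId) : null;
    }

    /** Called by the session guard on every request to rebuild the user from the API. */
    public function retrieveById($identifier)
    {
        $data = $this->api->find($identifier); // assumed: decoded JSON array or null
        $id = is_array($data) ? ($data['userid'] ?? null) : null;
        if (!(is_string($id) || is_int($id)) || !ctype_digit((string) $id)) {
            return null; // malformed upstream response: fail closed
        }
        return new GenericUser([
            'id' => (int) $id, // GenericUser::getAuthIdentifier() reads 'id'
            'name' => (string) ($data['name'] ?? ''),
            // The API sends the string "false", and (bool) "false" is true in PHP.
            'twoFactorEnabled' => filter_var($data['twoFactorEnabled'] ?? false, FILTER_VALIDATE_BOOLEAN),
            'remember_token' => null, // nowhere to persist one without storage
        ]);
    }

    // Nothing is stored locally, so token and credential lookups always fail closed.
    public function retrieveByToken($identifier, $token) { return null; }
    public function updateRememberToken(Authenticatable $user, $token) {}
    public function retrieveByCredentials(array $credentials) { return null; }
    public function validateCredentials(Authenticatable $user, array $credentials) { return false; }
}
```

Register the class with Auth::provider() under a driver name that config/auth.php points the guard's provider at, and have the Fortify::authenticateUsing callback return the result of attempt($request->username, $request->password). Because retrieveById() runs on every authenticated request, each page load costs one call to the find endpoint.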