
gpaluk

Register/Login an API session to my site from within another website

I understand that this is quite a broad and large question and so I will try to break it down effectively. I am also hoping for answers that would be both robust and secure. Here goes:

I would like to add a login and registration to my API from within another website that I do not own. I understand that they would be embedding some JavaScript, but I am assuming that I would need to provide the login as an iframe, as I do not want to expose my service's password to the page in which the login is embedded. (Is there a better solution?)

Once the user has logged in, I would like to consume my API from within that page. How would one securely store and access any token information?

Perhaps consider this similar to a comments system where a user might inject into their own website. Any help to accomplish something like that with Laravel would be very useful. Many thanks in advance.

sustained

As far as I understand, the generally accepted way to allow other websites to do anything along these lines is by making use of OAuth2.

Have you taken a look at Passport?

gpaluk

Hi @sustained,

Thanks for the reply. Yes, in fact I have already set up everything for the API to handle OAuth2 using Passport. The thing here is that I would like to embed a login page similar to the one that appears on my site. The iframe is actually in a Bootstrap modal popup and as such I must remove the default Laravel header and other styling specifically for this popup. I originally went down the route of the API with OAuth2 as you mention, but realized very quickly that it would result in a security issue whereby the user credentials could be scraped by the service that had embedded my login JS.

My current situation is that I am trying to use the same default Laravel login methods but expose a different view and controller specific to the use case but I can't seem to make the middleware play ball at all :( Any ideas how one might have a 'dual' set of login auth systems? One for the main page and one for remote login etc without using the API.

Regards
