What is the best solution for RESTful authentication in Laravel?

I am implementing the back end of a mobile app with Laravel.
The current requirement is implementing a stateless solution for authenticating users through a RESTful API.
After that I should find a way to allow users to register and log in with their Google and Facebook accounts.
I want to find a stable solution that fits both of these problems, if possible.
I know these libraries exist for Laravel, but I want experienced advice to choose the best of them:
adamwathan/eloquent-oauth (it seems it is the best fit for my requirements but it is not stable yet)
artdarek/oauth-4-laravel
jenssegers/laravel-oauth
kalley/laravel-oauth-client
Lusitanian/PHPoAuthLib
dschniepp/Laravel-OAuth2-Server

Use OAuth2. There are a few decent packages out there. IMO this is your best bet: https://github.com/lucadegasperi/oauth2-server-laravel

This package fits with the requirements:
https://github.com/tappleby/laravel-auth-token

Related

Best practices for limited REST APIs

Hello Stack Overflow community,
I want to build an Android app which uses soccer data. I've found a service that provides soccer information via a REST API. The service is limited to 5,000 requests/hour and I want to implement it.
If I have lots of users the app will break.
I've found a way to decrease the number of requests by using an API-caching middleware. Example:
https://github.com/kwhitley/apicache
Question: What are the best practices when using limited REST APIs?

Best practice is that you implement a server-side application that caches the unique requests with a lifespan, and the Android application gets data from it! Don't get data directly from third parties.
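The caching tier this answer describes, sketched as an added example (not code from the thread or from apicache): a TTL cache that shares one upstream request among all callers for the same key and tracks the 5,000 requests/hour budget from the question. `UpstreamCache`, `fetchUpstream` and the injected clock are hypothetical names chosen so the sketch runs offline.

```javascript
// Added example: TTL cache in front of a rate-limited upstream API.
// fetchUpstream and now are injected, so no network access is needed.
class UpstreamCache {
  constructor({ fetchUpstream, ttlMs, hourlyBudget = 5000, now = Date.now }) {
    this.fetchUpstream = fetchUpstream;
    this.ttlMs = ttlMs;               // the "lifespan" of a cached response
    this.hourlyBudget = hourlyBudget; // 5,000 requests/hour, per the question
    this.now = now;
    this.entries = new Map();         // key -> { promise, expires }
    this.windowStart = now();
    this.used = 0;                    // upstream calls in the current hour
  }

  // Returns a promise for the payload. Callers asking for the same key
  // inside the TTL share one upstream request, including in-flight ones.
  get(key) {
    const t = this.now();
    const hit = this.entries.get(key);
    if (hit && hit.expires > t) return hit.promise;

    // Start a new one-hour accounting window when the old one has elapsed.
    if (t - this.windowStart >= 3600000) { this.windowStart = t; this.used = 0; }
    if (this.used >= this.hourlyBudget) {
      // Budget spent: serve the stale copy if there is one, else fail fast.
      if (hit) return hit.promise;
      return Promise.reject(new Error('upstream budget exhausted'));
    }

    this.used += 1;
    const promise = Promise.resolve().then(() => this.fetchUpstream(key));
    const entry = { promise, expires: t + this.ttlMs };
    this.entries.set(key, entry);
    // Do not cache failures: drop the entry so the next caller retries.
    promise.catch(() => {
      if (this.entries.get(key) === entry) this.entries.delete(key);
    });
    return promise;
  }
}
```

Because the cache stores the promise rather than the resolved value, a burst of mobile clients requesting the same resource costs one unit of the upstream budget, not one per client.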

Is GraphQL and SSO compatible?

My project plans to use SSO (maybe Gluu or Auth0, ...) and is also considering applying GraphQL to our API.
On first look, it seems that these two should be easily compatible as they work on different layers. But I still want to hear from someone experienced with both whether there are any problems, considerations or guidelines when applying them to the project.

GraphQL has no opinion on how you authenticate or authorize users. So you can use any auth you like.

Symfony2 server design pattern best practice

So I'm about to create a mobile application using Titanium. I want to use Symfony2 as the server and communicate via REST APIs with the client (mobile).
What I am asking is: what are the best practices when it comes to designing my server, and what do you recommend I start with?

Have a look at the FOSRestBundle or the Symfony REST Edition, this should get you started quickly.
https://github.com/FriendsOfSymfony/FOSRestBundle
https://github.com/gimler/symfony-rest-edition
As far as RESTful API endpoint design and the data your API will transfer, I really like this guide:
http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api
Granted, this is more of a generic "How do I REST API?" guide, but I think it's useful in a situation like yours.

Start with web API/REST API

I am in the process of creating an app (cross-platform with the Ionic framework), and during my research about apps built with this framework I found the one created for HabitRPG. It uses an API to retrieve data, which totally suits my app as well, but I don't know where to start to create an API nor what to use.
I already did some quick tests with Spring, NodeJS and Symfony (with FOS), but I'm looking for something really easy to use and to set up that still has a lot of flexibility (like managing security, users, and data visibility).
Is there a specific technology easy enough to start with?

If you want to create a Web API and host it, you can perhaps have a look at APISpark (http://restlet.com/products/apispark/). It's an online platform that allows you to design your APIs following REST principles and then host them. The data are also managed by the platform.
Hope it helps.
Thierry

Play Framework RESTful service stack with MV*

We Love Play!!
We have used it for small projects and are pleased with the performance and productivity.
We need a few suggestions or comments on the architecture for our new venture, which is going to be on Play Framework.
Our new venture is to use a REST service stack built in Play Framework (Java) with any front-end MV*. Moreover, a SOFEA model.
We would like to see how secure we can make our application, coz the app has some sensitive data in a few endpoints.
Questions:
Does the design have any flaws?
What is the best way to secure our REST service stack?
Is it advisable to decouple my front-end app and back-end services?
Which front-end framework is best for this scenario?
Thanks
Kindly suggest an appropriate Stack site if the question is non-constructive, rather than just downvoting ;)
Edit: Anyone care to suggest / answer? Added bounty.

With any REST-based application, a main security risk is that you have no control over the client. All data and REST requests being sent to the server must be fully checked for authorization. That is: check that the user is allowed to view this data and perform the action being requested.
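A minimal illustration of that server-side check, added here and not taken from the thread or from Play: framework-agnostic JavaScript in which `handle`, the session table, the records and the policy map are constructed, hypothetical names. Identity and role come only from the server's own session lookup, and every request is checked for both the action and the specific record.

```javascript
// Added example: authorize every REST request on the server.
// Constructed sample data: tokens, users and records are not real values.
const SESSIONS = new Map([
  ['tok-alice', { id: 1, role: 'user' }],
  ['tok-admin', { id: 9, role: 'admin' }],
]);
const RECORDS = new Map([
  [100, { id: 100, ownerId: 1, body: 'alice report' }],
  [101, { id: 101, ownerId: 2, body: 'bob report' }],
]);
// Which roles may perform an action, and whether ownership is required.
// A Map avoids accidental hits on inherited keys such as "constructor".
const POLICY = new Map([
  ['read',   { roles: ['user', 'admin'], ownerOnly: true }],
  ['delete', { roles: ['admin'],         ownerOnly: false }],
]);

function handle(req) {
  // Identity comes from the server-side session, never from fields the
  // client controls (for example req.body.userId or req.body.role).
  const user = SESSIONS.get(req.token);
  if (!user) return { status: 401 };

  const rule = POLICY.get(req.action);
  if (!rule) return { status: 400 };                 // unknown action: deny
  if (!rule.roles.includes(user.role)) return { status: 403 };

  const record = RECORDS.get(req.recordId);
  if (!record) return { status: 404 };
  // Same answer for "missing" and "not yours", so ids cannot be probed.
  if (rule.ownerOnly && user.role !== 'admin' && record.ownerId !== user.id) {
    return { status: 404 };
  }

  if (req.action === 'delete') {
    RECORDS.delete(record.id);
    return { status: 204 };
  }
  return { status: 200, body: record.body };
}
```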
I agree with @johanandren about the first one. It is impossible to say without in-depth analysis of the design and the code.
Maybe you should have a look at the Flask framework for REST architectures. It is nice and it has very good add-ons for security.
There is also a very good tutorial about it.
I am not sure what you mean by the last question. But if it is about how to return the data, usually JSON is a good solution.
Good luck with your Play project.