0

I am working on a project and am currently writing the backend. I have decided to implement it as a REST API since I need to write a web app as well as a mobile app. I am having a problem understanding how I log the user in, since REST APIs are stateless. I have read some material which mentions basic authentication (sending login credentials) with each request or OAuth 2.0. Basic authentication is not recommended, and I don't understand why I should use OAuth 2.0 because no third party will be using my API. My question is: how should I implement login functionality, and what are the standards?

khan

3 Answers

1
  1. Add the passport package to your project; see this for more info: https://laravel.com/docs/5.4/passport
  2. Create a password grant client.
  3. Create a new user with a token.
  4. Use Retrofit or another package to call the Laravel API.

    import java.io.IOException;
    import okhttp3.Interceptor;
    import okhttp3.Request;
    import okhttp3.Response;

    /* prepare httpClient (an OkHttpClient.Builder); tools is the app's own token helper */
    httpClient.addInterceptor(new Interceptor() {
        @Override
        public Response intercept(Chain chain) throws IOException {
            Request original = chain.request();
            Request.Builder builder = original.newBuilder();
            // ask the API for JSON responses
            builder.addHeader("Accept", "application/json");
            // attach the saved access token once the user has logged in
            if (tools.isAuthorized()) {
                builder.addHeader("Authorization", "Bearer " + tools.getAccessToken());
            }
            builder.method(original.method(), original.body());
            Request build = builder.build();
            return chain.proceed(build);
        }});

  5. Call the API and get the response, then save the user token.

Mortada Jafar
0

You'll need to add a unique api_token column for your Users table.

    $table->string('api_token', 60)->unique();

In Laravel 5.4, api.php holds the API routes. You'll need to use an out-of-the-box middleware, auth:api, so you can authenticate requests by api_token.

Read more: http://bootstrapdojo.com/rest-api-laravel-5-4-with-token-authentication/

Dexter Bengil
  • Thanks, but I have a few questions. Should that API token be sent with every request that needs authentication? When should I refresh the token? Should HTTPS be used? Since it seems like using HTTP can lead to a man-in-the-middle attack. – khan Apr 26 '17 at 12:00
  • @khan Yeah, the token should be sent in every request to authorize that request. And about the security issues, someone might have answered your questions: http://stackoverflow.com/questions/38322835/is-using-a-api-token-in-url-or-post-curl-safe – Dexter Bengil Apr 27 '17 at 04:49
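
The flow that the answer and comments above describe (log in once with the password, then send the token with every request), as an added example that is not code from the answer or from Laravel: plain PHP with a constructed in-memory user list. Unlike the `api_token` column in the answer, it keeps only a SHA-256 digest of the token on the server; the function names, the `$headers` array and the sample account are assumptions made for illustration.

```php
<?php
// Constructed in-memory "users table"; a real app would use its database.
$users = [
    'khan@example.test' => [
        'password_hash'  => password_hash('correct horse', PASSWORD_DEFAULT),
        'api_token_hash' => null,   // digest of the current token, if any
    ],
];

// Login: check the password once, then hand back a fresh random token.
function login(array &$users, string $email, string $password): ?string
{
    $user = $users[$email] ?? null;
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return null;                          // same answer for both failures
    }
    $token = bin2hex(random_bytes(30));       // 60 hex chars from a CSPRNG
    $users[$email]['api_token_hash'] = hash('sha256', $token);
    return $token;                            // the only time the raw token exists server-side
}

// Per-request check: the server keeps no session, only the stored digest.
function authenticate(array $users, array $headers): ?string
{
    $header = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer ([0-9a-f]{60})$/', $header, $m)) {
        return null;                          // missing or malformed token
    }
    $digest = hash('sha256', $m[1]);
    foreach ($users as $email => $user) {
        $stored = $user['api_token_hash'];
        if ($stored !== null && hash_equals($stored, $digest)) {
            return $email;                    // request is made as this user
        }
    }
    return null;
}

// Logout or rotation: drop the digest so the old token stops working.
function logout(array &$users, string $email): void
{
    $users[$email]['api_token_hash'] = null;
}

$token = login($users, 'khan@example.test', 'correct horse');
var_dump(authenticate($users, ['Authorization' => "Bearer $token"]));
var_dump(authenticate($users, ['Authorization' => 'Bearer ' . str_repeat('0', 60)]));
logout($users, 'khan@example.test');
var_dump(authenticate($users, ['Authorization' => "Bearer $token"]));
```

The token is a bearer credential: anyone who can read the request can reuse it until it is rotated, which is why the HTTPS question in the comments matters.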
0

I guess you can create a REST API that offers CRUD operations on JSON web tokens.

clonq