Suggestion: Auth0 implementation

[egdavid]

Any thoughts on implementing the Laravel Auth0 package ?
Auth0 is regularly used by api consumers and it could be great making endpoints compatible with this authentication system.

[specialtactics]

Hey there

Thanks for the suggestion, it is actually on the cards to make this package integrated with Passport, and so I will add Auth0 to that as well 👍

[egdavid]

@specialtactics thanks for the answer.

I've integrated the Auth0 JWT management and I can now login using Auth0 (Facebook, Google or anything else) and use the TokenId to call API boilerplate's endpoints.

I'm just worried about a little thing: can you confirm that I can completely get rid of the api.auth middleware ? Since my SPA wont use or make any crud request for the users table on my Laravel api.

[specialtactics]

@roasted-toast I am not use, the underlying dingo package relies on api.auth, if you replace it, then whatever you replace it with has to provide an equivalent implementation of authentication, and work with helpers like auth()

[connecteev]

@specialtactics +1 for https://laravel.com/docs/master/passport
I know Auth0 makes it simple also but I have no idea why indie makers and devs would use it, they charge per user, and it's not cheap either 🗡
Out of curiosity what does this repo use now for API auth, if not passport?

[egdavid]

A JWT Auth system is implemented within the boilerplate.

[connecteev]

@egdavid got it. Love to see support for Laravel passport.

[specialtactics]

It will definitely come, do not worry guys 😄

Right now the main trouble for me is that there's a lot of work on the roadmap, and trying to priorotise the easy wins.

Right now, the built-in JWT will suffice for 80% of use cases. Next, I want to write HMAC authentication, which will take some effort because I don't think there are any maintained laravel auth hmac implementations, but it's very useful for APIs.

Down the track a bit will be passport and/or auth0.

[egdavid]

@specialtactics I could create a PR of my own implementation of Auth0 if you want.

[specialtactics]

@egdavid If you've integrated it into the boilerplate, I would definitely love to see !

So long as it won't break any existing functionality and can be turned on/off, it should be fine.

[egdavid]

@specialtactics in this particular case it will require some changes, there is no way to turn it on or off for example and I'm not sure it would not break the existing JWT auth system since I "got rid" of it.
However, I could try to produce a decent Pull Request for your boilerplate, asap (within the next week or so).
P.S.: this implementation will require a documentation to explain how M2M auth actually works with Laravel and how it needs to be set @ Auth0. It has not be well detailed by Auth0 in their doc, I had to do some extra researches by myself.

[specialtactics]

No problem @egdavid , there's no rush for sure, as I myself wouldn't get to it for months. If you feel like contributing, it would be very welcome.

Dingo itself has configurable auth providers, I think that's the place to start to make it swappable.

[egdavid]

@specialtactics I'm about to publish a PR with my own implementation of Auth0. You should probably create a Dev branch so I could publish it without affecting the main one?

[specialtactics]

@egdavid Sure, I've pushed a "dev" branch, based off the latest master. Can't wait to see!

[egdavid]

@specialtactics I'm updating the code based on the latest master and my public (unauthenticated) routes don't work anymore.
It happens only on endpoints that don't require authentication while being unauthenticated. As soon as I log in (on Postman), it works.
Here is the error:

{
    "message": "Call to a member function can() on null",
    "statusCode": 500,
    "debug": {
        "line": 98,
        "file": "/home/david/Sites/apiboilerplatenew/vendor/specialtactics/l5-api/src/Http/Controllers/Features/AuthorizesUserActionsOnModelsTrait.php",

Any idea?
It used to work before the boilerplate update. Models haven't been updated.

EDIT: seems like I've had some issues with my custom API Policies. I've removed them for the incoming push.

[specialtactics]

So did you fix the issue @egdavid ? I would advise, if you have unauthenticated routes, the model used by those controllers can't have a policy, since there wouldn't be any logged in user to check any access policies against.

[mroushdy]

Hey guys, +1 on this. Any updates?

[specialtactics]

No updates sorry, not a priority unfortunately at the moment !

[mroushdy]

How compatible is this boiler plate if laravel changes in the future but the boiler plat did not? Are the changes to laravel a lot? Or is it mostly outside of changes to the laravel framework?

…

On Thu, Apr 2, 2020 at 3:41 PM Max ***@***.***> wrote: No updates sorry, not a priority unfortunately at the moment ! — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#19 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAOOX7PU2NWCJHRNT7APRXTRKUIBPANCNFSM4HSBLGWQ> .

[specialtactics]

@mroushdy Nothing of laravel is changed actually, it all works through packages and inheritance. It's the same version of Laravel as any other.

[Master-maynd]

Hello Dear
Thanks for the great work.
Kindly help if you have time,
when I run composer test it gives me this error. I have mysql I dont use POSTGRES

./vendor/bin/phpunit --colors=always -v --testdox
PHPUnit 9.5.12 by Sebastian Bergmann and contributors.

Error in bootstrap script: Illuminate\Database\QueryException:
could not find driver (SQL: select tablename from pg_catalog.pg_tables where schemaname in ('public'))
Script ./vendor/bin/phpunit --colors=always -v --testdox handling the test event returned with error code 1

[michaelvaes]

@Master-maynd mysql should be the default indeed, let's make sure it's set like that

• The default driver in config/database.php should be mysql
  • 'default' => env('DB_CONNECTION', 'mysql'),
• The DB_CONNECTION in .env should be set to mysql
  • DB_CONNECTION=mysql
• Make sure that in phpunit.xml you are not overriding the DB_CONNECTION setting above

If it all fails I suggest

• to compare your branch against the boilerplate as spot the diffs
• Push your code to a pubic repo (if possible) or post your configs here