2014-10-20 13:07


I am building my first REST API for an iOS app. The framework I use for building the API is Laravel.

Everything works great so far but I am not sure how to log users in using the API. Could sessions work here? I'm already using SSL/HTTPS but I don't wanna authenticate users on each request, so what's the best way to only make them log in once?

Also, should OAuth work fine here?

If you have any examples of how to log users in on a Laravel-built API, please share.

Thanks in advance


1 answer

  • doutuoji8418 2014-10-20 14:13

    In my experience, Laravel's built-in Authentication component can only be applied to normal authentication via form, session and cookie. To handle API authentication, I have used these methods; I hope one of them is suitable for you.

    OAuth 2

    With the help of lucadegasperi/oauth2-server-laravel, you can secure your API via OAuth flows. More documentation can be found on the package wiki on GitHub or the PHP League OAuth2 home page. You can use filters to secure your API routes as follows:

    Route::get('protected-resource', ['before' => 'oauth:scope1,scope2', function() {
        // return the protected resource
    }]);

    However, OAuth needs a database to save client credentials and some more settings; if your API is not so complicated, this solution may not be suitable.

    HTTP Authentication

    This solution is simpler than OAuth, and I recommend using it with an SSL (HTTPS) connection because the authentication information can be visible while using this. The package I used before is Intervention/httpauth. You have two options for the authentication method with this package: basic (send a base64 encoding of the combination username:password via an HTTP header) or digest (use the MD5 algorithm to encode your information before sending it via an HTTP header). This solution does not require any database.

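An added example (not from the answer and not Intervention/httpauth's own code) of the Basic scheme described above, in plain PHP: the header is only base64-encoded, so it is readable by anyone who sees it without HTTPS, and the server has to verify it on every request. The function names, user list and passwords are constructed for illustration.

```php
<?php
// Added example; the user list and passwords are constructed sample values.

/** Decode "Basic <base64(user:pass)>" into [user, pass]; null if malformed. */
function parseBasicHeader(?string $header): ?array
{
    if ($header === null || !preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode: reject non-base64 input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first ':' only, because a password may itself contain ':'.
    return explode(':', $decoded, 2);
}

/** Verify a password against the stored hash for $user. */
function checkCredentials(array $users, string $user, string $pass): bool
{
    static $dummy = null;
    // Unknown users are checked against a dummy hash so both paths do similar work.
    $dummy ??= password_hash('dummy-password', PASSWORD_DEFAULT);
    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);
    return $known && $ok;
}

// Constructed user store: only password hashes are kept, never plaintext.
$users = ['alice' => password_hash('s3cret:with:colons', PASSWORD_DEFAULT)];
$header = 'Basic ' . base64_encode('alice:s3cret:with:colons');

// base64 is an encoding, not encryption: the header decodes straight back.
echo 'On the wire: ', $header, PHP_EOL;
echo 'Decoded:     ', base64_decode(substr($header, 6)), PHP_EOL;

$samples = [$header, 'Basic ' . base64_encode('alice:wrong'), 'Basic !!!', null];
foreach ($samples as $h) {
    $creds = parseBasicHeader($h);
    $ok = $creds !== null && checkCredentials($users, $creds[0], $creds[1]);
    // A real endpoint would send 401 with a WWW-Authenticate header on failure.
    printf("%-50s => %s\n", var_export($h, true), $ok ? '200 OK' : '401 Unauthorized');
}
```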