/laravel-api-auth

Dead simple Laravel api auth middleware

Primary LanguagePHP

Build Status Latest Stable Version Total Downloads

Laravel Api Auth

Laravel gives easy ways to handle api authorization using user based tokens, but sometimes you need to use a single token to give access to your application, especially when you're developing two apps that need to be connected, or perhaps you're in need of connecting Telegram-bot to your app endpoint using webhooks

Laravel-api-auth makes that easy as breathe, no migrations, no models

Installing package

If you're using Laravel prior to 5.5, consider using v0.1 branch

$ composer require erjanmx/laravel-api-auth

Publish the Package configuration

$ php artisan vendor:publish --provider="Apiauth\Laravel\CAuthServiceProvider"

Using package

Step 1

Change defaults in config/apiauth.php

<?php

return [
    'services' => [

        'MY_APP' => [                          // this is the name of the middleware of route group to be protected
            'tokenName' => 'api_token',        // name of key that will be checked for secret value
            'token' => env('MY_APP_TOKEN'),    // secret value that is retrieved from env vars and needs to be passed in requests in order to get access to your protected urls

            'allowJsonToken' => true,        
            'allowBearerToken' => true,        
            'allowRequestToken' => true,       
        ]
    ],
];

Step 2

  • Add your secret value in .env file
// .env

...your other variables

MY_APP_TOKEN=my-secret

Step 3

  • Add group with middleware in your routes file
Route::group(['prefix' => 'api', 'middleware' => ['apiauth:MY_APP']], function () { // note the `MY_APP` that should match the name in your config we changed above
    Route::any('/', function () {
        return 'Welcome!';
    });
});

That's it

Your urls within your group are accessible only if valid token provided

  • In GET or POST request

image image

  • In request header as Authorization Bearer (tokenName is ignored in this case)

image

  • In json raw body

image

You're free to change token name (api_token by default) in configuration file as well as authorization methods to be checked. Also you can set as many services as you want.