geoff-maddock / events-tracker

CRM and calendar to track events, weekly and monthly series, promoters, artists, producers, djs, venues and other entities.
https://arcane.city
MIT License

Add Authentication for API for use with API and API users #971

Open geoff-maddock opened 1 year ago

geoff-maddock commented 1 year ago

Set up an authentication method for the API that will work for a frontend/spa.

Sanctum is an option that would let users create API tokens and also allow auth for an SPA.

Passport is a more complex option that supports OAuth2 https://laravel.com/docs/10.x/passport

geoff-maddock commented 1 year ago

Test getting the basic auth user to match a database user

geoff-maddock commented 1 year ago

Testing Sanctum - it did allow me to generate tokens, but the routes are not being protected by the Sanctum middleware.

geoff-maddock commented 1 year ago

Maybe watch a video that compares these options.

geoff-maddock commented 1 year ago

For non-user auth, use auth-code flow: https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow

To get a token - these tokens will just allow access but not set a user.

For auth with a user, we'll hit another route to generate a token that will then also set the user to verify authorization.