Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Sentry 2 authentication for REST API with Laravel 4

Posted on 2013-12-05
11
Medium Priority
?
4,885 Views
Last Modified: 2013-12-13
I'm trying to create a mobile application which uses REST services to load and manage data (hotel information).

I'm using Laravel 4 as the framework for my REST services, along with Sentry 2 module for authentication.

As far as the backend is concerned, I've set up the models, migrations, routes, etc. with Laravel.

However, despite extensive searching, I'm unable to find any good tutorials on making the REST services secure with Sentry 2.

How do I ensure that only authorized users can call the web services?
0
Comment
Question by:shishir_sri
  • 6
  • 5
11 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39699674
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699694
Hey Ray_Paseur,

Thanks for getting back to me. Yes, I've read that article.

I've already installed Sentry 2 into my project.

The problem is that their documentation is written with the assumption that we're building a web application, with a login form and everything. In this case, Sentry uses cookies to store session data, and authenticate users.

Since I'll be accessing the web services from a mobile application, I need to know how to implement Sentry's authentication process for web services rather than for "views".

I hope I was able to explain the problem adequately. Please let me know if you have any questions.

best,
Shishir
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39699715
accessing the web services from a mobile application
Can you please tell us more about the mobile application?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 3

Author Comment

by:shishir_sri
ID: 39699755
Sure. Here is a basic description of the app.

The database contains data about various hotels, and the events they may be hosting.

The app allows logged in users to view hotels and their events. They can mark events as 'attending'/'not attending'.

The data and actions are accessible as rest api. i want to enable user authentication on these api.

There is also an admin panel which allows certain users to manage hotels and events.

This admin panel is separate from the mobile app.

Both, the app and the admin panel use the REST api to perform the various tasks.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39699876
Where does the mobile app run?  Is it on the iPhone/Android?  If so, it would make sense for the app to respond (at least in part) like a well-behaved web browser, accepting and returning cookies, following redirects, etc.
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700202
Yes. the app will be compiled for Android and iPhone devices.

All services will be called using ajax.
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700386
The app will be packaged using PhoneGap.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1500 total points
ID: 39701452
You might want to make a Google search for PhoneGap+Cookies.  A quick scan of the literature suggests that support is uneven, so "heads up."  You may want to put this behind SSL for a little better security.  If the communication is encrypted you can be more comfortable about transmitting any authentication data, including cookies.
0
 
LVL 3

Assisted Solution

by:shishir_sri
shishir_sri earned 0 total points
ID: 39705520
Hey Ray_Paseur,

Thanks for your suggestion. I did more research into PhoneGap and Cookies, and as you said, the support is uneven. Therefore, I eventually decided to implement oAuth to enable token based api access.

I'm using this library to integrate oAuth into my application:
https://github.com/lucadegasperi/oauth2-server-laravel

This library is basically a Laravel wrapper for the following oAuth2 server:
https://github.com/php-loep/oauth2-server

Hopefully, in the coming days, I'll be able to write a tutorial on the entire process, and put it up here or on my blog, so that it helps others.

Thanks again.

- Shishir
0
 
LVL 3

Author Closing Comment

by:shishir_sri
ID: 39716220
I found an alternate solution to my problem, which has been described in my comment. This solution is more "stable" than the original solution that I was looking for, hence, I've marked my comment as a possible solution so that others may go through it.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39716586
Thanks.   I think an article describing the process and showing how you did this would be great!  Best regards, ~Ray
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The task of choosing a web design company to build a website for your business should never be taken in a light manner. Provided the fact that your website will act as a representative to your business and will be responsible for imposing an online …
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question