Solved

Sentry 2 authentication for REST API with Laravel 4

Posted on 2013-12-05
Last Modified: 2013-12-13
I'm trying to create a mobile application which uses REST services to load and manage data (hotel information).

I'm using Laravel 4 as the framework for my REST services, along with Sentry 2 module for authentication.

As far as the backend is concerned, I've set up the models, migrations, routes, etc. with Laravel.

However, despite extensive searching, I'm unable to find any good tutorials on making the REST services secure with Sentry 2.

How do I ensure that only authorized users can call the web services?
Question by:shishir_sri
11 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
 
LVL 3

Author Comment

by:shishir_sri
Hey Ray_Paseur,

Thanks for getting back to me. Yes, I've read that article.

I've already installed Sentry 2 into my project.

The problem is that their documentation is written with the assumption that we're building a web application, with a login form and everything. In this case, Sentry uses cookies to store session data, and authenticate users.

Since I'll be accessing the web services from a mobile application, I need to know how to implement Sentry's authentication process for web services rather than for "views".

I hope I was able to explain the problem adequately. Please let me know if you have any questions.

best,
Shishir
 
LVL 108

Expert Comment

by:Ray Paseur
accessing the web services from a mobile application
Can you please tell us more about the mobile application?
 
LVL 3

Author Comment

by:shishir_sri
Sure. Here is a basic description of the app.

The database contains data about various hotels, and the events they may be hosting.

The app allows logged in users to view hotels and their events. They can mark events as 'attending'/'not attending'.

The data and actions are accessible as a REST API. I want to enable user authentication on this API.

There is also an admin panel which allows certain users to manage hotels and events.

This admin panel is separate from the mobile app.

Both the app and the admin panel use the REST API to perform the various tasks.
 
LVL 108

Expert Comment

by:Ray Paseur
Where does the mobile app run?  Is it on the iPhone/Android?  If so, it would make sense for the app to respond (at least in part) like a well-behaved web browser, accepting and returning cookies, following redirects, etc.
 
LVL 3

Author Comment

by:shishir_sri
Yes. The app will be compiled for Android and iPhone devices.

All services will be called using ajax.
 
LVL 3

Author Comment

by:shishir_sri
The app will be packaged using PhoneGap.
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
You might want to make a Google search for PhoneGap+Cookies.  A quick scan of the literature suggests that support is uneven, so "heads up."  You may want to put this behind SSL for a little better security.  If the communication is encrypted you can be more comfortable about transmitting any authentication data, including cookies.
 
LVL 3

Assisted Solution

by:shishir_sri
shishir_sri earned 0 total points
Hey Ray_Paseur,

Thanks for your suggestion. I did more research into PhoneGap and Cookies, and as you said, the support is uneven. Therefore, I eventually decided to implement OAuth to enable token-based API access.

I'm using this library to integrate OAuth into my application:
https://github.com/lucadegasperi/oauth2-server-laravel

This library is basically a Laravel wrapper for the following OAuth2 server:
https://github.com/php-loep/oauth2-server

Hopefully, in the coming days, I'll be able to write a tutorial on the entire process, and put it up here or on my blog, so that it helps others.

Thanks again.

- Shishir
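The token-based direction the assisted solution takes, as an added example (not code from this thread, from Sentry, or from the oauth2-server-laravel package): a Laravel 4 route filter that replaces Sentry's cookie session with an opaque bearer token issued through Sentry::authenticate(), which is a simpler scheme than full OAuth2. Assumed names are the `api_tokens` table, the `api.token` filter and the `api/login` and `api/hotels` routes; Sentry::setUser(), Sentry::findUserById() and the two exception classes are Sentry 2's own.

```php
// routes.php excerpt. Assumes an `api_tokens` table (user_id, token_hash,
// expires_at) that belongs to this example, not to Sentry or Laravel.

// Step 1: the client POSTs its credentials once, over HTTPS, and receives an
// opaque token. Sentry verifies the password; remember = false so no
// persistent "remember me" cookie is issued.
Route::post('api/login', function () {
    try {
        $user = Sentry::authenticate(array(
            'email'    => Input::get('email'),
            'password' => Input::get('password'),
        ), false);
    } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
        return Response::json(array('error' => 'invalid credentials'), 401);
    } catch (Cartalyst\Sentry\Users\WrongPasswordException $e) {
        return Response::json(array('error' => 'invalid credentials'), 401); // same reply for both
    }
    $token = Str::random(40);                    // random alphanumeric string
    DB::table('api_tokens')->insert(array(
        'user_id'    => $user->getId(),
        'token_hash' => hash('sha256', $token),  // store only the hash
        'expires_at' => date('Y-m-d H:i:s', time() + 3600),
    ));
    return Response::json(array('token' => $token));
});

// Step 2: every API call sends "Authorization: Bearer <token>". The filter
// looks the token up by hash, rejects missing or expired ones, and attaches
// the matching user to Sentry for this request only (no session cookie).
Route::filter('api.token', function () {
    $header = Request::header('Authorization');
    if (!preg_match('/^Bearer\s+([A-Za-z0-9]{40})$/', (string) $header, $m)) {
        return Response::json(array('error' => 'bearer token required'), 401);
    }
    $row = DB::table('api_tokens')
        ->where('token_hash', hash('sha256', $m[1]))
        ->where('expires_at', '>', date('Y-m-d H:i:s'))
        ->first();
    if (!$row) {
        return Response::json(array('error' => 'invalid or expired token'), 401);
    }
    Sentry::setUser(Sentry::findUserById($row->user_id));
});

// Step 3: protected routes run the filter first; controllers then use
// Sentry::getUser() and hasAccess() exactly as they would behind a login form.
Route::group(array('before' => 'api.token'), function () {
    Route::get('api/hotels', 'HotelController@index');
});
```

The raw token travels only over SSL, as the accepted answer advises, and the server-side expiry bounds how long a token taken from a lost device stays usable.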
 
LVL 3

Author Closing Comment

by:shishir_sri
I found an alternate solution to my problem, which has been described in my comment. This solution is more "stable" than the original solution that I was looking for, hence, I've marked my comment as a possible solution so that others may go through it.
 
LVL 108

Expert Comment

by:Ray Paseur
Thanks. I think an article describing the process and showing how you did this would be great! Best regards, ~Ray