Solved

Sentry 2 authentication for REST API with Laravel 4

Posted on 2013-12-05
Last Modified: 2013-12-13
I'm trying to create a mobile application which uses REST services to load and manage data (hotel information).

I'm using Laravel 4 as the framework for my REST services, along with Sentry 2 module for authentication.

As far as the backend is concerned, I've set up the models, migrations, routes, etc. with Laravel.

However, despite extensive searching, I'm unable to find any good tutorials on making the REST services secure with Sentry 2.

How do I ensure that only authorized users can call the web services?
0
Question by:shishir_sri
11 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39699674
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699694
Hey Ray_Paseur,

Thanks for getting back to me. Yes, I've read that article.

I've already installed Sentry 2 into my project.

The problem is that their documentation is written with the assumption that we're building a web application, with a login form and everything. In this case, Sentry uses cookies to store session data, and authenticate users.

Since I'll be accessing the web services from a mobile application, I need to know how to implement Sentry's authentication process for web services rather than for "views".

I hope I was able to explain the problem adequately. Please let me know if you have any questions.

best,
Shishir
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39699715
"accessing the web services from a mobile application"
Can you please tell us more about the mobile application?
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699755
Sure. Here is a basic description of the app.

The database contains data about various hotels, and the events they may be hosting.

The app allows logged in users to view hotels and their events. They can mark events as 'attending'/'not attending'.

The data and actions are accessible as a REST API. I want to enable user authentication on this API.

There is also an admin panel which allows certain users to manage hotels and events.

This admin panel is separate from the mobile app.

Both the app and the admin panel use the REST API to perform the various tasks.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39699876
Where does the mobile app run?  Is it on the iPhone/Android?  If so, it would make sense for the app to respond (at least in part) like a well-behaved web browser, accepting and returning cookies, following redirects, etc.
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700202
Yes. The app will be compiled for Android and iPhone devices.

All services will be called using AJAX.
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700386
The app will be packaged using PhoneGap.
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39701452
You might want to make a Google search for PhoneGap+Cookies.  A quick scan of the literature suggests that support is uneven, so "heads up."  You may want to put this behind SSL for a little better security.  If the communication is encrypted you can be more comfortable about transmitting any authentication data, including cookies.
0
 
LVL 3

Assisted Solution

by:shishir_sri
shishir_sri earned 0 total points
ID: 39705520
Hey Ray_Paseur,

Thanks for your suggestion. I did more research into PhoneGap and cookies, and as you said, the support is uneven. Therefore, I eventually decided to implement OAuth to enable token-based API access.

I'm using this library to integrate OAuth into my application:
https://github.com/lucadegasperi/oauth2-server-laravel

This library is basically a Laravel wrapper for the following OAuth2 server:
https://github.com/php-loep/oauth2-server

Hopefully, in the coming days, I'll be able to write a tutorial on the entire process, and put it up here or on my blog, so that it helps others.

Thanks again.

- Shishir
0
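
A minimal sketch of the token-based API access described in the comment above, added here as an example; it is not code from the thread and does not use the OAuth2 library's API. It assumes Laravel 4 with the Sentry 2 facade, a hypothetical `api_tokens` table (`user_id`, `token_hash`, `expires_at`), a hypothetical `HotelController`, and an API served only over HTTPS.

```php
<?php
// app/routes.php -- added example; table and controller names are hypothetical.

// Exchange credentials for a random bearer token (serve over HTTPS only).
Route::post('api/login', function () {
    try {
        // false = do not request Sentry's persistent "remember me" login.
        $user = Sentry::authenticate(Input::only('email', 'password'), false);
    } catch (Exception $e) {
        // One generic answer for unknown user, wrong password, suspension...
        return Response::json(array('error' => 'invalid_credentials'), 401);
    }
    $token = bin2hex(openssl_random_pseudo_bytes(32)); // 64 hex characters
    DB::table('api_tokens')->insert(array(
        'user_id'    => $user->getId(),
        'token_hash' => hash('sha256', $token), // only the hash is stored
        'expires_at' => date('Y-m-d H:i:s', time() + 3600),
    ));
    return Response::json(array('token' => $token, 'expires_in' => 3600));
});

// Filter: every protected route must carry "Authorization: Bearer <token>".
Route::filter('api.token', function () {
    $header = (string) Request::header('Authorization');
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $header, $m)) {
        return Response::json(array('error' => 'missing_token'), 401);
    }
    $row = DB::table('api_tokens')
        ->where('token_hash', hash('sha256', $m[1]))
        ->where('expires_at', '>', date('Y-m-d H:i:s'))
        ->first();
    if (!$row) {
        return Response::json(array('error' => 'invalid_token'), 401);
    }
    try {
        // Make the token's owner the current Sentry user for this request.
        Sentry::setUser(Sentry::findUserById($row->user_id));
    } catch (Exception $e) {
        return Response::json(array('error' => 'invalid_token'), 401);
    }
});

// api/login is declared outside this group, so it is reachable without a token.
Route::group(array('prefix' => 'api', 'before' => 'api.token'), function () {
    Route::get('hotels', 'HotelController@index');
});
```

Because the token travels in a header rather than a cookie, the PhoneGap client does not depend on the WebView's cookie handling, and storing only the SHA-256 hash means a leaked `api_tokens` table does not expose usable tokens.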
 
LVL 3

Author Closing Comment

by:shishir_sri
ID: 39716220
I found an alternate solution to my problem, which has been described in my comment. This solution is more "stable" than the original solution that I was looking for, hence, I've marked my comment as a possible solution so that others may go through it.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39716586
Thanks.   I think an article describing the process and showing how you did this would be great!  Best regards, ~Ray
0
