Solved

Sentry 2 authentication for REST API with Laravel 4

Posted on 2013-12-05
11
4,822 Views
Last Modified: 2013-12-13
I'm trying to create a mobile application which uses REST services to load and manage data (hotel information).

I'm using Laravel 4 as the framework for my REST services, along with Sentry 2 module for authentication.

As far as the backend is concerned, I've set up the models, migrations, routes, etc. with Laravel.

However, despite extensive searching, I'm unable to find any good tutorials on making the REST services secure with Sentry 2.

How do I ensure that only authorized users can call the web services?
0
Comment
Question by:shishir_sri
  • 6
  • 5
11 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39699674
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699694
Hey Ray_Paseur,

Thanks for getting back to me. Yes, I've read that article.

I've already installed Sentry 2 into my project.

The problem is that their documentation is written with the assumption that we're building a web application, with a login form and everything. In this case, Sentry uses cookies to store session data, and authenticate users.

Since I'll be accessing the web services from a mobile application, I need to know how to implement Sentry's authentication process for web services rather than for "views".

I hope I was able to explain the problem adequately. Please let me know if you have any questions.

best,
Shishir
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39699715
accessing the web services from a mobile application
Can you please tell us more about the mobile application?
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699755
Sure. Here is a basic description of the app.

The database contains data about various hotels, and the events they may be hosting.

The app allows logged in users to view hotels and their events. They can mark events as 'attending'/'not attending'.

The data and actions are accessible as rest api. i want to enable user authentication on these api.

There is also an admin panel which allows certain users to manage hotels and events.

This admin panel is separate from the mobile app.

Both, the app and the admin panel use the REST api to perform the various tasks.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39699876
Where does the mobile app run?  Is it on the iPhone/Android?  If so, it would make sense for the app to respond (at least in part) like a well-behaved web browser, accepting and returning cookies, following redirects, etc.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 3

Author Comment

by:shishir_sri
ID: 39700202
Yes. the app will be compiled for Android and iPhone devices.

All services will be called using ajax.
0
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700386
The app will be packaged using PhoneGap.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39701452
You might want to make a Google search for PhoneGap+Cookies.  A quick scan of the literature suggests that support is uneven, so "heads up."  You may want to put this behind SSL for a little better security.  If the communication is encrypted you can be more comfortable about transmitting any authentication data, including cookies.
0
 
LVL 3

Assisted Solution

by:shishir_sri
shishir_sri earned 0 total points
ID: 39705520
Hey Ray_Paseur,

Thanks for your suggestion. I did more research into PhoneGap and Cookies, and as you said, the support is uneven. Therefore, I eventually decided to implement oAuth to enable token based api access.

I'm using this library to integrate oAuth into my application:
https://github.com/lucadegasperi/oauth2-server-laravel

This library is basically a Laravel wrapper for the following oAuth2 server:
https://github.com/php-loep/oauth2-server

Hopefully, in the coming days, I'll be able to write a tutorial on the entire process, and put it up here or on my blog, so that it helps others.

Thanks again.

- Shishir
0
 
LVL 3

Author Closing Comment

by:shishir_sri
ID: 39716220
I found an alternate solution to my problem, which has been described in my comment. This solution is more "stable" than the original solution that I was looking for, hence, I've marked my comment as a possible solution so that others may go through it.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39716586
Thanks.   I think an article describing the process and showing how you did this would be great!  Best regards, ~Ray
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To properly understand GitHub, let’s divide it into two words ‘Git’ and ‘Hub’. Git is basically a ‘Distribution Version Control’ (DVC) and ‘Source Code Management’ (SCM) system widely used by software programmers while Hub means the efficient centre…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now