Solved

Sentry 2 authentication for REST API with Laravel 4

Posted on 2013-12-05
Last Modified: 2013-12-13
I'm trying to create a mobile application which uses REST services to load and manage data (hotel information).

I'm using Laravel 4 as the framework for my REST services, along with the Sentry 2 module for authentication.

As far as the backend is concerned, I've set up the models, migrations, routes, etc. with Laravel.

However, despite extensive searching, I'm unable to find any good tutorials on making the REST services secure with Sentry 2.

How do I ensure that only authorized users can call the web services?
Question by:shishir_sri
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39699674
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699694
Hey Ray_Paseur,

Thanks for getting back to me. Yes, I've read that article.

I've already installed Sentry 2 into my project.

The problem is that their documentation is written with the assumption that we're building a web application, with a login form and everything. In this case, Sentry uses cookies to store session data, and authenticate users.

Since I'll be accessing the web services from a mobile application, I need to know how to implement Sentry's authentication process for web services rather than for "views".

I hope I was able to explain the problem adequately. Please let me know if you have any questions.

Best,
Shishir
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39699715
"accessing the web services from a mobile application"
Can you please tell us more about the mobile application?
 
LVL 3

Author Comment

by:shishir_sri
ID: 39699755
Sure. Here is a basic description of the app.

The database contains data about various hotels, and the events they may be hosting.

The app allows logged in users to view hotels and their events. They can mark events as 'attending'/'not attending'.

The data and actions are accessible as a REST API. I want to enable user authentication on these APIs.

There is also an admin panel which allows certain users to manage hotels and events.

This admin panel is separate from the mobile app.

Both the app and the admin panel use the REST API to perform the various tasks.
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39699876
Where does the mobile app run?  Is it on the iPhone/Android?  If so, it would make sense for the app to respond (at least in part) like a well-behaved web browser, accepting and returning cookies, following redirects, etc.
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700202
Yes. The app will be compiled for Android and iPhone devices.

All services will be called using AJAX.
 
LVL 3

Author Comment

by:shishir_sri
ID: 39700386
The app will be packaged using PhoneGap.
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39701452
You might want to make a Google search for PhoneGap+Cookies.  A quick scan of the literature suggests that support is uneven, so "heads up."  You may want to put this behind SSL for a little better security.  If the communication is encrypted you can be more comfortable about transmitting any authentication data, including cookies.
 
LVL 3

Assisted Solution

by:shishir_sri
shishir_sri earned 0 total points
ID: 39705520
Hey Ray_Paseur,

Thanks for your suggestion. I did more research into PhoneGap and Cookies, and as you said, the support is uneven. Therefore, I eventually decided to implement OAuth to enable token-based API access.

I'm using this library to integrate OAuth into my application:
https://github.com/lucadegasperi/oauth2-server-laravel

This library is basically a Laravel wrapper for the following OAuth2 server:
https://github.com/php-loep/oauth2-server

Hopefully, in the coming days, I'll be able to write a tutorial on the entire process, and put it up here or on my blog, so that it helps others.

Thanks again.

- Shishir
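
A minimal sketch of the token-based access this thread settles on, added here as an example; it is not shishir_sri's code and not the API of the linked OAuth2 libraries. It is plain PHP (7.1+ assumed), and `issueToken`, `authenticate` and the in-memory `$store` are hypothetical names standing in for a login endpoint, a route filter and a database table.

```php
<?php
// Added example: cookie-free bearer-token check for a REST API.
// All names and values below are hypothetical / constructed.

const TOKEN_TTL = 3600; // seconds a token stays valid (constructed value)

/** Issue a random token after a successful login; only its SHA-256 digest is stored. */
function issueToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters
    $store[hash('sha256', $token)] = ['user' => $userId, 'expires' => $now + TOKEN_TTL];
    return $token; // returned once to the app, over TLS
}

/** Return the user id for a valid "Authorization: Bearer <token>" header, else null. */
function authenticate(array $store, ?string $header, int $now): ?int
{
    // Reject a missing header, a wrong scheme, or a token of the wrong shape.
    if ($header === null || !preg_match('/^Bearer\s+([0-9a-f]{64})$/i', $header, $m)) {
        return null;
    }
    // Look up by digest, so a leaked token table does not reveal usable tokens.
    $digest = hash('sha256', $m[1]);
    if (!isset($store[$digest])) {
        return null; // unknown or revoked token
    }
    if ($store[$digest]['expires'] <= $now) {
        return null; // expired: the app must log in again
    }
    return $store[$digest]['user'];
}

// Constructed walk-through: user 42 logs in, then calls the API.
$store = [];
$now   = 1386200000; // fixed clock so the run is repeatable
$token = issueToken($store, 42, $now);

var_dump(authenticate($store, "Bearer $token", $now + 10));            // int(42)
var_dump(authenticate($store, "Bearer $token", $now + TOKEN_TTL + 1)); // NULL (expired)
var_dump(authenticate($store, 'Bearer ' . str_repeat('0', 64), $now)); // NULL (unknown)
var_dump(authenticate($store, null, $now));                            // NULL (no header)
```

Each request carries the token in the `Authorization` header, so nothing depends on the client's cookie handling; the API answers 401 whenever `authenticate` returns null.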
 
LVL 3

Author Closing Comment

by:shishir_sri
ID: 39716220
I found an alternate solution to my problem, which has been described in my comment. This solution is more "stable" than the original solution that I was looking for, hence, I've marked my comment as a possible solution so that others may go through it.
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39716586
Thanks. I think an article describing the process and showing how you did this would be great! Best regards, ~Ray

Question has a verified solution.
