Access API using client id and secret key in laravel/lumen

Question

I have created an API for my web application. Now I want to give access to the world but before giving access I want mechanism something like Facebook API, Twitter API, Google API who provides client ID and Secret Key. Currently, I am using JWT AuthController, user login with his credentials and return a token, I don't want the users to be login.

I want the user can access my API using client ID and secret key? Another thing is that and How I will create client ID's and secret keys for the users?

Is this can be achieved using JWT Auth?

Any help?

Answer 1

I have read the article and quite promising it is, but after few post it recommends to use oauth2, here you go:

https://laracasts.com/discuss/channels/lumen/api-authorization-via-public-and-secret-keys

quotes:

Just add in the class to your API config.

namespace App\Providers\Guard;

use Dingo\Api\Auth\Provider\Authorization; use Dingo\Api\Routing\Route; use Illuminate\Http\Request; use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;

class GuardProvider extends Authorization { /** * Get the providers authorization method. * * @return string */ public function getAuthorizationMethod() { return 'X-Authorization'; }

/**
 * Authenticate the request and return the authenticated user instance.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Dingo\Api\Routing\Route $route
 *
 * @return mixed
 */
public function authenticate(Request $request, Route $route)
{
    $key = $request->header(env('API_AUTH_HEADER', 'X-Authorization'));
    if (empty($key)) $key = $request->input(env('API_AUTH_HEADER', 'X-Authorization'));
    if (empty($key)) throw new UnauthorizedHttpException('Guard', 'The supplied API KEY is missing or an invalid authorization header was sent');

    $user = app('db')->select("SELECT * FROM users WHERE users.key = ?", [$key]);
    if (!$user) throw new UnauthorizedHttpException('Guard', 'The supplied API KEY is not valid');

    return $user;
} }