Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cross Authentication between two different Laravel application

enter image description here

Background

The two application is developed in PHP Laravel web application. In the application, App 1 and App 2 are two difference Application and being managed by two different team. App 1 is use to trim video while App 2 is use to showcase their video.

The current login method of two application is email password login.

Algorithms:

  1. In the App 1 (Ex. Facebook), user can login to the system and upload video together with some form details.
  2. App 1 then trim and process the video and save inside the FileSystem.
  3. After the process, App 1 then POST the results to App 2 (Ex. Instagram).
  4. In the App 2, the video is then uploaded with the respective user information and showcase to public.

Problem

  • How do APP 1 authenticate the user in APP 2.
  • What is the best approach and most user friendly method while provide a secure authentication

The thing that I concern is the authentication part of App 2. How do we authenticate the user in App 1 before sending the videos to App 2 due to difference user login method?

Some Work that I managed to found on Google

First Way: hash(Master Key + [INFO])

  1. Create a master key that are known by only App 1 and App 2. Then hash the master with some extra information (Ex. time()). Then App 2 can validate the hash information with its own master key and if the result is similar then, user can pass through the authentication process and straight away post the video on App 2.

Second Way: OAUTH Token

  1. User have to login to the App 2 and generate OAUTH token. Then user need to submit their OAUTH token on App 1 to allows for video posting. This method is not really user friendly as this approach is somewhat the approach for developer.

Not really sure about the terminology used for this type of authentication. Feel free to let me know in the comment section. Thank you very much.

like image 281
Quek Yao Jing Avatar asked Jul 04 '26 20:07

Quek Yao Jing


1 Answers

Authentication between different applications can be achieved using various methods.

Option 1: OAuth 2.0

OAuth 2.0 is a widely used protocol for authentication and authorization. It involves the concept of access tokens, which can be used to grant access to resources on behalf of a user.

Implementation:

User Logs In (App 1): When a user logs into App 1, generate an OAuth token. Token Exchange (App 1 to App 2): Send this token securely to App 2 along with the video and user details. Token Validation (App 2): App 2 validates the token against its OAuth server.

Option 2: JWT (JSON Web Tokens)

JWTs are compact, URL-safe means of representing claims between two parties. They can be signed and encrypted for additional security.

Implementation:

User Logs In (App 1): When a user logs in, generate a JWT containing user information. Send JWT (App 1 to App 2): Send the JWT securely to App 2 along with the video. Token Verification (App 2): App 2 verifies the JWT's signature and extracts user information.

Option 3: API Key with HMAC

This approach uses a combination of an API key and HMAC (Hash-based Message Authentication Code) for secure communication.

Implementation:

Generate API Key (App 2): App 2 generates an API key and shares it securely with App 1. Request Signing (App 1): Sign the request (including video and user details) using HMAC with the shared key. Verify Signature (App 2): App 2 verifies the signature using its shared key.

Recommendation:

Choose the method that best aligns with your security requirements and infrastructure. OAuth 2.0 is a good choice for standardized authentication, while JWTs provide a lightweight alternative. The API key with HMAC is simpler but effective if implemented securely.

like image 72
Mohammad Abdorrahmani Avatar answered Jul 06 '26 11:07

Mohammad Abdorrahmani