Sanctum with Socialite: API Authentication via Social Networks in Laravel 8
Introduction
Social network authentication is now an essential part of many web application as it saves the users a lot of time, as they won’t need to fill the whole form. They just sign up with their social account and next time they can log into the website by a single click.
In this post, I will show you how easily we can integrate sanctum authentication with social networks via google, facebook, github, etc. with same piece of code.
You can view the source code here.
Lets get started …
Step 1: Install and configure Sanctum Package
Laravel Sanctum provides a featherweight authentication system for SPAs (single page applications), mobile applications, and simple, token based APIs. Sanctum allows each user of your application to generate multiple API tokens for their account. These tokens may be granted abilities / scopes which specify which actions the tokens are allowed to perform.
Install sanctum package:
composer require laravel/sanctum
Then, publish the configuration file of sanctum. The sanctum configuration file will be placed in your config directory:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
In User Model(app/models/user.php
), add HasApiTokens Traits.
Step 2. Install and configure Socialite Package
Laravel also provides a simple, convenient way to authenticate with OAuth providers using Laravel Socialite. Socialite currently supports authentication with Facebook, Twitter, LinkedIn, Google, GitHub, GitLab and Bitbucket.
Install socialite package:
composer require laravel/socialite
Then add credentials for the OAuth services your application utilizes. These credentials should be placed in your config/services.php
configuration file, and should use the key equals to provider name (e.g., facebook
, google
, github
etc.)
If you want to use a provider that is not provided in Socialite by default take a look on Socialite Providers.
Step 3: Get Client Id and Client Secret from respective OAuth provider
We can easily setup developer account and get client id and client secret from respective OAuth provider. Here are few links of OAuth providers:
GitHub: https://github.com/settings/developers
Google: https://console.developers.google.com/apis/dashboard
Facebook: https://developers.facebook.com/apps/
Setup 4: Changes in .env file
As you get credentials from OAuth Services, add client_id, client_secret and redirect_uri in your .env file for your OAuth service:
Step 5: Migrating the tables
We need to make few changes in users table migration before running migration. Password field should be made nullable as we will not require password column.
Create a providers table to store OAuth service provider information:
Run all migrations:
php artisan migrate
Step 6: Create and configure Provider Model
Make model for the providers table created:
php artisan make:model Provider
Once provider model is created. User model is related with provider model by creating providers function.
Step 6: Add the route
Define the routes in api.php
Step 7: Create Login Controller
Make LoginController.php:
php artisan make:controller LoginController
Next, one route for redirecting the user to the OAuth provider, and another for receiving the callback from the provider after authentication. We will access Socialite using the Socialite facade:
The user
method will read the incoming request and retrieve the user's information from the provider. Then we store only necessary user information to the database. With the help of sanctum, Bearer token is generated.
Step 8: Run the application
php artisan serve
Now, Paste and go http://localhost:8000/api/login/github in your browser.
Then, add your credentials:
After user is authenticated, we get the following response with Access-Token in its header:
Conclusion
We have successfully implemented API authentication via social login in Facebook, Twitter, and Google using Socialite . Now you could easily add other providers like Twitter, GitLab, etc and work like a charm.
About
Includes three tables
- Students
- id(PK)
- name
- address
- phone_no
- photo
- Courses
- id(PK)
- name
- start_date
- end_date
- courses_students
- course_id(FK)
- student_id(FK)
Query operations are performed showing
- create courses with start_date and end_date
- show running and past courses
- Add Students
- View all Students in addition to edit and delete students
Source Code
Documentation
Project: BipinMhzn/internship-projectReport: Final Internship Project Report
Result
Change Password Page:
Reset Password Page:
Register New User Page:
The project Mero Token is developed in Ethereum platform in order to develop an ERC20 standard token and initiate the initial coin offering in a crowd sale. Its main concern is to remove the third-party trust issue between the investor and the company and therefore initiate the crowd fund in easy and fast way. Any tokens developed in ERC20 standard can be exchanged with each other. “Mero” token costs ether to buy it which acts as a fund raising for crowd sale. In real world, investors buy into ICOs in the hope of quick and powerful returns on their investments.
Objective
- Code own cryptocurrency on the Ethereum blockchain
- Create own ERC20 token and crowd sale with Ethereum smart contracts
- Build an ICO website
- Enable users to transfer, approve and transferFrom tokens
Documentation
Github Project: Mero Token