2

I'm building a RESTful api using Laravel that is serving an Ember js application.

I'm currently trying to implement oath-4-laravel but I'm not sure it will work for my proposes(to serve my js application).

I don't want to use ssl because of the overhead and basic authentication won't suffice. Tried to take a look at HTTP Digest but apparently it's not that safe.

This is my first time building a serious RESTful api and I'm a bit lost when it comes to this. So I'm looking for advice, maybe there's a better package for it or I will have to develop my own.

Thanks in advance.

Improve this question

1 Answer 1

Reset to default
4

It strongly depends who should be able to authenticate against your API. If you just want to access the API from your own js-client, an OAuth implementation is imho a huge overhead.

If basic auth / auth digest is too weak for your case, you can have a look at the concept of hmac. There are also a few packages available which should it make easy to integrate it in L4.

But just in case, OAuth is a great choice if you're planing to grant API access to 3rd-party clients/developers. I'd recommend you the oauth2-server-laravel which is a laravel4 integration of the phpleague oauth2 server. I just finished a project with this package, worked out very nice.

Just my 2 cents, hope this helps you.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you very much for the reponse, I decided to go phpleague oath2 as the api will be somewhat public.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.