Build a Laravel Application with User Authentication
One of those functionalities is robust authentication and authorization. I think it is safe to say that all great web applications built today need a robust authentication system. That's where Stormpath comes in. You never have to build auth again with Stormpath's Laravel integration, which handles all the authentication needs for you so you can focus on building an amazing web application. Plus, you don't even have to manage user data and security.
With only a few lines of code to your new Laravel application, you will instantly have access to all the views and logic you need to secure your application. This tutorial will go through the steps to get up and running in no time with features such as:
- User registration and login.
- Account verification via email.
- Password reset via email.
- Hosted and pre-built user interface screens
If you don’t already have a Stormpath account and application, you’ll need to create one now — you can do so here: https://api.stormpath.com/register
The rest of this article assumes you have a Stormpath account and API key pair.
Set up Your Laravel Application
We're going to start by building a simple Laravel application. This application will have a Login, Logout, and Register functionalities. After we get all of the basics installed, we will enable the Forgot Password workflows and work with middleware.Install the Necessary Tools
The first step is to install all the tools needed to start this project. The following tools will be required:Install Composer
Composer is a dependency manager for PHP. It is how Stormpath distributes all PHP Packages. Visit http://getcomposer.org and follow the instructions here to fully install composer. Once you have this installed, you should be able to typecomposer in terminal and see the output: You are running composer with xdebug enabled. This has a major impact on runtime performance. See https://getcomposer.org/xdebug
Install Your Laravel Project
In this example, I use a tool called the Laravel Installer. It is a simple command line tool that lets you quickly install a new project. There are a few other ways you can install Laravel but they all require composer. Install the Laravel Installer by runningcomposer global require "laravel/installer" Next, run the following to install the project.laravel new my-stormpath-projectIf you don’t want to use the installer, another option to install Laravel is with composer. Visit https://laravel.com/docs/5.2/#installing-laravelYou can now cd into
my-stormpath-project and run php artisan. If everything installed correctly, you should see something like the following:~/Sites/my-stormpath-project> php artisan
Laravel Framework version 5.2.6
Usage:
command [options] [arguments]Require the Stormpath Laravel Package
Requiring the Stormpath Laravel package is very simple with Composer. Open yourcomposer.json file and add the following line to the require block:"stormpath/laravel": "0.1.*"At the time of writing this post, The package version is 0.1.0.There are a few more settings that have to be configured to enable this package before you can run it. The first step is to take your API keys from Stormpath and put them into your
.env file of your project. From the root of your project, open up .env and place the following at the end of the file replacing the necessary values.STORMPATH_CLIENT_APIKEY_ID={{APIKEY_ID}}
STORMPATH_CLIENT_APIKEY_SECRET={{APIKEY_SECRET}}
STORMPATH_APPLICATION_HREF={{FULL_APPLICATION_HREF}}config/app.php and add the following to your providers section."providers" => [
...
Stormpath\Laravel\Support\StormpathLaravelServiceProvider::class,
...
]php artisan serve from the command line and visit http://localhost:8000/login. You should see the following login screen
Congratulations, you have installed stormpath/laravel! You now have basic login and registration capabilities without needing to build any logic or views at all.
Protect a Route with Stormpath
Out of the box, we provide you with a few different middleware options to protect your routes. We havestormpath.guest and stormpath.authstormpath.guest is set up so only un-authenticated users can see the route. This is useful for registration pages and pricing/upgrade pages. These are pages that registered users may not need to see.
stormpath.auth is the inverse of stormpath.guest. This middleware requires a user to be logged into the system to be able to view the route.
To set up a route, all you need to do is add the middleware to the route.
// This route is only accessible by a logged in user
Route::get('protected', ['middleware' => ['stormpath.auth'], function() {
return 'These are all the secrets!';
}]);
// This route is only accessible by a guest
Route::get('guests', ['middleware' => ['stormpath.guest'], function() {
return 'You are a guest!';
}]);
By default. stormpath.guest middleware is enabled for login, register, forgot-password, and change-password routes.
Configure Your Laravel Integration
So far, we have touched on the basics of what this integration is able to do. We have built in many more features that can be enabled and configured within the Stormpath Configuration of the Package. In order to access and modify these, you will need to publish the vendor files. In Laravel, there is an artisan command to do this for us. From the root of your project in terminal, runphp artisan vendor:publish and this will create a new file located at config/stormpath.php with all the configuration options that are available. Enable Forgot/Reset Password Workflows
When building an application, a lot of people will either forget or incorrectly set up the forgot password and reset password workflows. If a developer does not want to manually reset user passwords all the time, they will want to offer a way for the user to do so. This can be a very insecure part of an application if it is not correctly set up.We have made this easier for you and integrated it as part of the core package. By default, these workflows are turned off, but it is just a configuration option in the
config/stormpath.php file that you need to enable. Find the forgotPassword key in the array and set enabled to true. You now have access to the Forgot password workflow by going to /forgot in your browser.
This will begin the email flow for the forgot password workflow. The user will receive an email if the account is found. The email will include a link for them to reset their password. No crazy code is needed for you to set this up correctly and it is secure.
Set up Pre-Built Workflows
If you know about Stormpath, you may already know about ID Site. If you are unaware of what ID Site is, it is a set of hosted and pre-built user interface screens that take care of common identity functions for your applications — login, registration, and password reset. ID Site can be accessed via your own custom domain like id.mydomain.com and shared across multiple applications to create centralized authentication as needed.We wanted to make an easy way for you to use ID Site in Laravel. There are a couple of things that need to be done to enabled ID Site. Steps for setting up ID Site can be found in the Stormpath docs.
To enable the package to use ID site for all your requests, open up the file
config/stormpath.php
and you will see a full list of available options. The one we are
looking for can be found towards the bottom of the file in the web->idsite setting. We want to mark it as enabled for ID Site to work. Now, any of the features that are enabled will use ID site by default.Wrapping Up
By completing the steps above, you should now be able to create a secure application quickly without much work to do. Let's review what we accomplished in this tutorial:- Added Login, Logout, and Register functionalities to your Larvel application.
- Customized middleware options to protect your routes.
- Enabled hosted and pre-built user interface screens for password reset.
![About [span]me[/span]](http://images.huffingtonpost.com/2016-05-24-1464106527-7011249-paper_inspiration.jpg)
