I want to customize my auth middleware that secure my endpoint. for example, i want to accept requests that have specific bearer token. how can i do? i’m using dingo api library. Answer Go to kernel.php file in HTTP directory. You’ll see something like this. Find the ExampleClass and read its hand…
Tag: token
Token expiration doesn’t working – Sanctum, Laravel
What I did: I added token expiration to application that has login system, by changed null to 1 minute expiration in sanctum.php file: Problem: It doesn’t work, the app still accept authorized requests all the time. Nothing has changed. Code: Create token (login): Verify token: Delete token (log out): A…
Strange thing with PHP token confirmation
Before submitting the form, I check if the token matches like this: HTML: And for some reason, else is always triggered, although in theory the check should occur when sending data. What could be the problem? UPD.And besides, the error text is constantly visible at the top of the page, although I display all …
Laravel app interacting with a 3rd party API to get a token
I have one Laravel app with a GUI where the user logs in based on the data from a MySQL database. When the user logs in, the server needs to make a request to a specific endpoint of a 3rd party API in …
How to auto generate embed token using javascript and PHP?
I also posted this on the PowerBI Community but haven’t gotten any traction: https://community.powerbi.com/t5/Developer/Auto-Generate-Embed-Token-using-Javascript-and-PHP/td-p/1316556 I have gotten my report working in test with a token generated using the Microsoft Embed Token – Generate Token (h…
Extract token from response url – Spotify API
I’m using this code to get a token from Spotify’s Web API: That results in this showing up in the browser: Great! But how do I extract “{token}” from the response and use it as a parameter in a request to the API? For example in the request to https://api.spotify.com/v1/users/{user_id}…
Generating cryptographically secure tokens
In order to generate a 32 character token for access to our API we currently use: I have read that this method is not cryptographically secure as it’s based on the system clock, and that openssl_random_pseudo_bytes would be a better solution as it would be harder to predict. If this is the case, what wo…
Is an X-Requested-With header server check sufficient to protect against a CSRF for an ajax-driven application?
I’m working on a completely ajax-driven application where all requests pass through what basically amounts to a main controller which, at its bare bones, looks something like this: if(strtolower($…