php - Basic Auth after separating API From Laravel Web App -

i'm refactoring code extract apis controllers.

thing in apis, common need know role has user can display correct data, need user's data.

my first idea authenticate api access basic auth based on user / password.

my first idea implement filter put apis inside same routes group.

middleware looks like:

class simpleauthmiddleware {     /**      * handle incoming request.      *      * @param  \illuminate\http\request $request      * @param  \closure $next      * @return mixed      */     public function handle($request, closure $next)     {         return auth::oncebasic('email') ?: $next($request);     } } 

it worked, when executing request, basic auth popup came bother me in middle of navigation.

then, tried use guzzle that:

$response = $client->request('get', '/tournaments', [         'auth' => [auth::user()->email,                    auth::user()->password]     ]); 

i had problem implement it, work uncrypted password, , have bcrypt password on database. besides, manage users coming socialite authentication google / facebook, , users have no password.

then thought put token each user, , implement token security api. token great grant or not access api, me, should not used retrieve user data. if choose 256 char token, exists remote posibility 2 user same token. beside, means should make query in each api call user info.

so need is:

1. have secure way both autenticate user in web app , apis acces
2. have access auth::user() inside apis

what need simple stuff, problem doesn't seem complicated. saw laravel spark handle jwt, try wait till spark release. meanwhile, idea how should it?

the way implementing jwt. quite easy make work this plugin

follow tutorial : token-based authentication angularjs , laravel apps

understanding jwt: the anatomy of json web token

you can use auth0 apis quite easily. it's free small systems.