Hello,
I followed many guides and learned how to make a simple web API using this awesome framework.
The only problem I am facing right now is how to create an authentication token that will identify each request and map it to a user.
Currently I have this authentication method, which takes an apiKey value from the DB and returns the details if the key exists.
    public function authenticate($apikey)
    {
        // Look up the customer row whose apikey column matches the presented key
        $user = Customers::where('apikey', '=', $apikey)->take(1)->get();
        if (!isset($user[0])) {
            return false; // no customer with this key
        }
        $this->details = $user[0];
        return ($user[0]->exists) ? true : false;
    }
I can generate this random key and store it in the DB with an expiration date as the following:
    $tokenValue = bin2hex(openssl_random_pseudo_bytes(8)); // generate a random token
    $tokenExpiration = date('Y-m-d H:i:s', strtotime('+1 hour')); // the expiration date will be one hour from the current moment
There are 2 problems with this approach:
1 - There is a possibility of a repeated key in the DB, which will mix up the orders and might return another user instead.
2 - I will need to refresh this token often by making the users sign in every time, which is understandable for a website or web application but not for a mobile app.
I don't require high security like banks or sensitive data systems, but I would like to make the app secure and quick to use at the same time.
Can someone kindly guide me to the best approach to handle this problem?
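An added example addressing both problems in the post (collisions and forced re-login); it is not code from the original post or from the Laravel framework. It uses plain PDO against an in-memory SQLite table named `api_tokens` (a constructed schema, not the poster's `Customers` table) so it runs stand-alone; the function names `issueToken`, `authenticate`, `issueTokenPair` and `refreshTokens` are assumptions. The design: 32 bytes from `random_bytes()` (256 bits of entropy, so duplicates are not a practical concern), a `UNIQUE` index on the stored value so the database itself rejects a duplicate instead of silently mapping to another user, only the SHA-256 hash of the token stored so a leaked table does not yield usable tokens, and a short-lived access token paired with a long-lived refresh token that is rotated on every use so a mobile client does not have to sign in again.

```php
<?php
// Added example, not from the original post. Assumes a constructed SQLite
// in-memory table `api_tokens`; in a Laravel app the same logic would sit in
// a model or middleware over the poster's own Customers table.
declare(strict_types=1);

const ACCESS_TTL  = 3600;            // 1 hour, as in the post
const REFRESH_TTL = 30 * 24 * 3600;  // 30 days

function setupSchema(PDO $db): void
{
    $db->exec('CREATE TABLE api_tokens (
        id          INTEGER PRIMARY KEY AUTOINCREMENT,
        customer_id INTEGER NOT NULL,
        kind        TEXT    NOT NULL,          -- "access" or "refresh"
        token_hash  TEXT    NOT NULL UNIQUE,   -- UNIQUE: the DB rejects duplicates
        expires_at  INTEGER NOT NULL           -- Unix timestamp
    )');
}

// Issue one token. Only hash('sha256', $token) is stored; the plaintext is
// returned to the client exactly once.
function issueToken(PDO $db, int $customerId, string $kind, int $ttl): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG, 64 hex chars
    $stmt = $db->prepare(
        'INSERT INTO api_tokens (customer_id, kind, token_hash, expires_at) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$customerId, $kind, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Short-lived access token plus long-lived refresh token, handed out at login.
function issueTokenPair(PDO $db, int $customerId): array
{
    return [
        'access'  => issueToken($db, $customerId, 'access', ACCESS_TTL),
        'refresh' => issueToken($db, $customerId, 'refresh', REFRESH_TTL),
    ];
}

// Find the row for a presented token of the given kind; null if unknown or expired.
function lookupToken(PDO $db, string $token, string $kind): ?array
{
    $stmt = $db->prepare(
        'SELECT id, customer_id, expires_at FROM api_tokens WHERE token_hash = ? AND kind = ?'
    );
    $stmt->execute([hash('sha256', $token), $kind]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] <= time()) {
        return null;
    }
    return $row;
}

// Per-request check: map the bearer token to a customer id, or null.
function authenticate(PDO $db, string $accessToken): ?int
{
    $row = lookupToken($db, $accessToken, 'access');
    return $row === null ? null : (int) $row['customer_id'];
}

// Exchange a valid refresh token for a new pair. The old refresh token is
// deleted first (rotation), so a stolen copy is only usable until the
// legitimate client refreshes.
function refreshTokens(PDO $db, string $refreshToken): ?array
{
    $row = lookupToken($db, $refreshToken, 'refresh');
    if ($row === null) {
        return null;
    }
    $db->prepare('DELETE FROM api_tokens WHERE id = ?')->execute([$row['id']]);
    return issueTokenPair($db, (int) $row['customer_id']);
}

// Usage against constructed data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
setupSchema($db);

$pair = issueTokenPair($db, 42);                       // login for customer 42
var_dump(authenticate($db, $pair['access']) === 42);   // bool(true)
var_dump(authenticate($db, 'not-a-real-token') === null); // bool(true)

$expired = issueToken($db, 42, 'access', -1);          // already expired
var_dump(authenticate($db, $expired) === null);        // bool(true)

$newPair = refreshTokens($db, $pair['refresh']);       // mobile app renews silently
var_dump(authenticate($db, $newPair['access']) === 42);  // bool(true)
var_dump(refreshTokens($db, $pair['refresh']) === null); // old refresh token rotated out
```

The `UNIQUE` constraint is what removes the "another user instead" failure mode: if a duplicate ever occurred, the `INSERT` would throw rather than create a second row that a later lookup could confuse with the first. Storing the hash instead of the plaintext costs nothing at lookup time (the hash is what the index is on) and means an attacker who reads the table still cannot present a valid token.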