I need to use an external API to authorize users of my Laravel app. I would like to use most of Laravel's auth scaffolding. Ideally I would not use a local database, but I'm flexible.
I'm aware of a few different approaches - using a custom UserProvider, storing users locally, etc. - but I'm looking to get some insight from more experienced users. Here are my thoughts:
- Fetch all information from remote API, do not use local database. PROS: do not need to sync two different stores of data (API and local users table). CONS: Password Reset requires a local DB to store tokens. Security issues storing information in sessions, or speed issues if repeated API calls are needed to keep current with API data.
- Initially fetch all user information from API and store in local database. PROS: Can use most of Laravel's built-in scaffolding out of the box and use events to manage API. Speed and security using only local DB once authorized. CONS: data between API and local will be different and require extra work to keep them synced (I've mapped this out and it presents a bunch of issues).
- Some sort of combination of both. Maybe, post-authorization I store a local token & email in the DB, and the rest comes from the API. I haven't really thought this through.
I've spent a lot of time looking for someone who has already built API-based scaffolding for Laravel, but only found bits and pieces. I would have expected something built into Laravel, but maybe this is not a common use case.
Anyone have any insight?
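
A sketch of the first option (custom `UserProvider`, no local users table), added here as an example and not code from the original post. The class name `ApiUserProvider`, the `/login` and `/users/{id}` endpoints, the service token, and the `email`/`password` field names are all assumptions for illustration. It keeps only the user id in the session and re-fetches the profile through a short-lived cache, which addresses the session-storage and repeated-API-call concerns listed above.

```php
<?php
namespace App\Auth;
use Illuminate\Auth\GenericUser;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Http;

// Assumed remote API (hypothetical): POST {base}/login and GET {base}/users/{id},
// both returning the user as a JSON object with an "id" field.
class ApiUserProvider implements UserProvider
{
    private $verifiedId = null; // id the API accepted during this request's login attempt
    public function __construct(private string $base, private string $serviceToken, private int $ttl = 60) {}

    // Runs on every request (the session holds only the id); a short TTL bounds API traffic and staleness.
    public function retrieveById($identifier)
    {
        $attrs = Cache::remember('apiuser:' . $identifier, $this->ttl, function () use ($identifier) {
            $res = Http::withToken($this->serviceToken)->timeout(5)
                ->get($this->base . '/users/' . rawurlencode((string) $identifier));
            return $res->successful() ? $res->json() : null;
        });
        return is_array($attrs) ? $this->toUser($attrs) : null;
    }

    // The remote API checks the password, so the login call happens here.
    public function retrieveByCredentials(array $credentials)
    {
        $res = Http::timeout(5)->post($this->base . '/login', [
            'email' => $credentials['email'] ?? '', 'password' => $credentials['password'] ?? '',
        ]);
        if (! $res->successful() || ! isset($res->json()['id'])) {
            return null; // rejected by the API: fail closed
        }
        $this->verifiedId = $res->json()['id'];
        return $this->toUser($res->json());
    }

    // Accept only the user the API just verified, never a blanket "true".
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        return $this->verifiedId !== null && $user->getAuthIdentifier() === $this->verifiedId;
    }
    public function retrieveByToken($identifier, $token) { return null; } // no "remember me"
    public function updateRememberToken(Authenticatable $user, $token) {}
    public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false) {}
    // GenericUser reads these two keys directly; forcing them to null also drops any password the API returns.
    private function toUser(array $attrs): GenericUser { return new GenericUser(['password' => null, 'remember_token' => null] + $attrs); }
}
```

Register it with `Auth::provider()` in a service provider and point the `users` provider in `config/auth.php` at that driver name. Password reset is not covered: as the post notes, Laravel's built-in reset flow still needs somewhere to store tokens.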