Laravel Spark Docs

0 views

Skip to first unread message

Charise Scrivner

unread,

Aug 3, 2024, 4:18:47 PM8/3/24

to verpobudu

You could make an api, which would check if the user exists and returns the login credentials. I don't really understand the question, as Spark is a billing platform, and not an Auth infrastructure. Do you mean login a spark user? The documentation states that you should make a composer auth.json and then use an api token to login your user

Sorry, I'm very new to Spark and Laravel in general. I don't mean to login a Spark user (admin). When the end user visits the site he has to register for an account and subscribe so I figured it should have some auth built-in?Or do I have to use Jetstream separately? Spark Classic had user accounts so I'm not sure what is the way to go with Spark next.

We all start somewhere, so digging deeper into the documentation, we see that it says you should read up the spark middleware documentation -paddle/middleware.html and that you can use laravel cashier methods -paddle#checking-subscription-statusMight I suggest you take a look at =czh8oO7lVx0 this tutorial by Povilas Korop, his channel provides quality free tutorials in regards to Laravel

So you want to setup your own SaaS? Laravel Spark is a fantasic boilerplate to help get you started, but getting started is the hard part. I've personally found that getting it to install correctly first time is somewhat of an art. I've always ran into errors such as: Class 'App\Providers\SparkServiceProvider' not found. Or composer complaining that i don't have the right dependencies and i need to downgrade my version of Cashier etc.

Having tried to fire up a new Spark install with some new updates, i was STILL running into the SparkServiceProvider not found! It turns out that having everything up-to-date is the problem here. This time around it was my version of Composer. I was running 1.6.3 and the latest at the time of writing is 1.9.2

I'm going to reference the Spark Docs a lot here as it does offer great advice, you just need to understand where things go in order to make it all work! So fire the docs up in another tab and let's get started.

At this point you can just follow the Spark docs. It's also the first time you'll be using the spark command in your terminal. If you can register your API token with no problems, it means you've sucessfully added the spark installer to your systems $PATH. If not, go back into your zshrc or bash_profile and double check the paths to the spark installer. You may also have to close down your terminal and open it back up again for it to pick up the changes.

The problems i faced were that my laravel installer was out of date and the path to the Spark installer was pointing to an old version as well as the wrong folder. Its easy to overlook these things, but also easy to fix!

In this case, the unique "resource" in question is your device (Argon, Boron, Photon 2).Every device has a URL, which can be used to GET variables, POST a function call, or PUT new firmware.The variables and functions that you have written in your firmware are exposed as subresources under the device.

For product endpoints, you need to specify which product the API call targets. You can use either the product ID or the short alphanumerical product slug. Get either from the Console. In this example, the product ID is 1337 and the product slug is my-product-v1.

The Particle API accepts requests in JSON (content type application/json) and in form encoded format (content type application/x-www-form-urlencoded). It always replies with JSON (content type application/json).

Use the Import feature to import these two files into Postman. The Particle API file will be updated periodically as new APIs are added, but the environment file is intended to be imported only once and then updated with your settings, like your Particle account username.

It's also possible to enter your username and password in the Postman environment, and also possible to generate the token from within Postman itself. However, these techniques are hard to use if you have multi-factor authentication (MFA) enabled on your Particle account. The CLI and access_token technique above works both with and without MFA enabled.

Just because you've connected your Particle device to the internet doesn't mean anyone else should have access to it.Permissions for controlling and communicating with your Particle device are managed with OAuth2.

Sending the access token in the query string is deprecated and discouraged for new applicationsince many tools log query strings so there's a chance for your access token to be logged in placeswhere you don't expect it. Legacy applications sending access_token=38bb... in the query stringshould be updated to use the HTTP Authorization header. When using a query string in the terminal,enclose the entire URL in double quotes to avoid issues with special characters.

Sending the access token as part of the request body is deprecated since it only works for POSTand PUT requests. Prefer using the HTTP Authorization header since it works for all request types.

You must give a valid OAuth client ID and secret in HTTP Basic Auth or in the client_id and client_secret parameters. For controlling your own developer account, you can use particle:particle. Otherwise use a valid OAuth Client ID and Secret. This endpoint doesn't accept JSON requests, only form encoded requests. See OAuth Clients.

Refresh tokens only work for product tokens, and even then they are not particularly useful. In order to generate a new access token from the refresh token you still need the client ID and secret. Because of this, it's simpler to just generate a new token, and then you don't need to remember and keep secure the refresh token. Also refresh tokens have a lifetime of 14 days, much shorter than the default access token lifetime of 90 days.

An OAuth client generally represents an app.The Particle CLI is a client, as are the Particle Web IDE, the Particle iOS app, andthe Particle Android app. You too can create your own clients.You should create separate clients for each of your web and mobile apps that hitthe Particle API.

Some requests, like generating an access token, require you to specify an OAuthclient ID and secret using HTTP Basic authentication. Normally, when calling theParticle API as a single developer user to access your own account, you can useparticle for both the client ID and secret as in the example above forgenerating an access token.

NEVER expose the client secret to a browser.If, for example, you have a client that controls all your organization'sproducts, and you use the client secret in front-end JavaScript, then atech-savvy customer using your website can read the secret in her developerconsole and hack all your customers' devices.

Use type=installed for most web and mobile apps. If you want to have Particle users login to their account on Particle in order to give your app access to their devices, then you can go through the full OAuth authorization code grant flow using type=web. This is the same way you authorize it is similar to the way you give any app access to your Facebook or Twitter account.

If you use type=web then you will also need to pass a redirect_uri parameter in the POST body. This is the URL where users will be redirected after telling Particle they are willing to give your app access to their devices.

If you are building a web or mobile application for your Particle product, you should use the product-specific endpoint for creating a client (POST /v1/products/:productIdOrSlug/clients). This will grant this client (and access tokens generated by this client) access to product-specific behaviors like calling functions and checking variables on product devices, creating customers, and generating customer scoped access tokens.

Limits the scope of what the access tokens created using the client are allowed to do. Provide a space separated list of scopes. The only current valid scopes are customers:create and *:* for full control.

The Particle Device Cloud uses traditional HTTP response codes to provide feedback from the device regarding the validityof the request and its success or failure. As with other HTTP resources, response codes in the 200 rangeindicate success; codes in the 400 range indicate failure due to the information provided;codes in the 500 range indicate failure within Particle's server infrastructure.

An API user account is a specific type of user account in the Particle platform that is designed to replace using 'human' accounts for programmatic tasks. It allows the creation of tightly scoped users that are unable to do things that machines shouldn't need to do - like log into the console, or administer accounts. This allows you to better enforce the security principle of least privilege.

Currently, API users are created, updated and deleted via the REST API, and are visible in the console, in either the product team or organization view.API users cannot log into the console, administer users, receive emails - or generally do other things that are reserved for humans.

The API User Tutorial has interactive controls in the web page that allow you to easily create, list, and delete API users for products and organizations. These controls allow you to both easily perform these operations on your account, and also learn how the APIs work, without needing to use curl or Postman.

Use an access token with permission to create users in your organization or product (administrator account).Pass a request to the relevant endpoint with a friendly name, and the desired scope(s) for the user.

The Particle API documentation includes the required scopes needed to call a particular API function. To determine which scope(s) to assign your API user, determine the minimum set of API functions they should be able to call.

To modify the permissions associated with an API user, you must update the scopes via the REST API. Remember, when scopes assigned to a user change, the access token is updated and a fresh token is returned, to avoid scope creep. Depending on the scenario, it may be optimal to create a fresh user with updated permissions first, update the access token in use by the script/code/function, and then delete the old user.To update the API user, you pass in the full username, in this case example-api-u...@api.particle.io.