Reputation: 4114
Simple authentication using Laravel Passport
I'm new to API world.
In mind and based on internet research, I guess this is how basic API authentication works (please correct me if I'm wrong)
Client (like a mobile app), make a request to the server with username/email and password entered from mobile app
Server will validate those credentials and if they are correct, create an access token and send back in response
For all other subsequent requests, client will send that token in the request so that server can authenticate the request
Basically, I want to achieve exact above things in Laravel, so I found that there is a package called Laravel passport which can be helpful:
https://laravel.com/docs/master/passport
What I don't understand is the request parameters to get an access token:
https://laravel.com/docs/master/passport#password-grant-tokens
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => '[email protected]',
'password' => 'my-password',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
I thought to just get an access token just email/username and password are enough parameters. So I'm confused about the extra parameters in the above request.
I read the entire doc but I didn't get that how can I use it to achieve what I want.
So the question is can I use this package for needs? If yes then how? If no then please suggest me some other packages.
Thanks
Upvotes: 1
Views: 771
Answers (1)
Reputation: 855
it is not easy to explain client_id and client_secret in simple and one line. OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
This informational guide is geared towards application developers, and provides an overview of OAuth 2 roles, authorization grant types, use cases, and flows.
The client is the application that wants to access the user's account. Before it may do so, it must be authorized by the user, and the authorization must be validated by the API.
may be you get your answer in this below linkAn Introduction to OAuth 2
Upvotes: 0
Related Questions
- laravel passport optional authentication
- Get authenticated user with Laravel Passport and grant password
- How to Implement OAuth correctly in API with Laravel Passport?
- Laravel Passport without oAuth
- Laravel API passport - Unable to login
- How to use Laravel Passport with Password Grant Tokens?
- laravel passport api authentication
- Laravel Passport Authenticate User To Access API Data
- Typical auth process with laravel passport
- Laravel Passport - Authenticate using postman