Reputation: 3971
Being new to OAuth and Laravel Passport, I have fundamental questions which I couldn't figure out with my own research.
I will build multiple Laravel consumer websites (consumerapp1.test, consumerapp2.test, consumerapp3.test) which will all use the central auth server built with Laravel Passport (passport.test). The consumer applications should use the central auth for authentication & authorization to their own backend as well as for authentication & authorization among each other.
I could install Passport on passport.test, and it works to request access_tokens from consumerapp1.test on passport.test.
So I get this response:
{"token_type":"Bearer","expires_in":31622400,"access_token":"eyJ0eXAiOiJK.....","refresh_token":"def502001b..."}
But what now?
Where do I store this token?
Do I have to install Laravel Passport on each consumer app? (Hmm, as much as I understand OAuth2, I should make one central server, not multiple ones.)
If I want to make a request from consumerapp1 to consumerapp2, how will I do that? Something like:
Thank you very much for pointing me in the right direction.
Upvotes: 1
Views: 1909
Reputation: 3971
Just if someone's on the same path.
What I found out:
1. You make a request from consumerapp1.test to consumerapp2.test.
2. consumerapp2.test redirects to passport.test for authentication (*).
3. If authentication was OK, passport.test will send an authorization code to consumerapp1.test (*).
4. consumerapp1.test makes a request to passport.test to get an access_token (*).
5. passport.test sends an access_token to consumerapp1.test (*).
6. consumerapp1.test sends a request with the access_token to consumerapp2.test (*).
7. consumerapp2.test makes a request to passport.test to check the access_token.
8. consumerapp2.test responds to the request from consumerapp1.test.
As you see, it's not that easy but quite possible.
(*) only necessary on the first request, as the access token should be stored in consumerapp1.test.
BUT I've found out that OAuth2 in its basic form is just for authorization and not for authentication. If you need authentication as well, take a look at OpenID Connect.
Upvotes: 2
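The eight steps in the answer above, written out as Laravel code. This is an added example, not code from the original post or from the Passport project: consumerapp1.test gets the redirect, callback and API-calling routes, and consumerapp2.test gets only a middleware that forwards the bearer token to passport.test (step 7), so Passport itself is installed on passport.test alone. Assumptions: Laravel 8 or newer (the `Http` facade), a confidential client created with `php artisan passport:client` whose id and secret are stored under `config('services.passport.client_id')` and `config('services.passport.client_secret')`, an `auth:api`-protected `/api/user` route on passport.test (the stock route in `routes/api.php` once the `api` guard uses the `passport` driver), and an invented `read-orders` scope and `/api/orders` endpoint on consumerapp2.test.

```php
<?php
// ---- consumerapp1.test : routes/web.php ----------------------------------
// Added example (not the post's code). Assumes Laravel 8+, a confidential
// Passport client in config('services.passport.*'); scope name and the
// consumerapp2 /api/orders route are invented for illustration.

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

const PASSPORT_URL = 'https://passport.test';
const CALLBACK_URL = 'https://consumerapp1.test/oauth/callback';

// Step 2: send the browser to passport.test's authorize endpoint.
Route::get('/oauth/redirect', function (Request $request) {
    // Random state bound to this session; the callback refuses any code that
    // does not carry it back (blocks login-CSRF / authorization-code injection).
    $request->session()->put('oauth_state', $state = Str::random(40));

    $query = http_build_query([
        'client_id'     => config('services.passport.client_id'),
        'redirect_uri'  => CALLBACK_URL,
        'response_type' => 'code',
        'scope'         => 'read-orders',        // assumed scope name
        'state'         => $state,
    ]);

    return redirect(PASSPORT_URL.'/oauth/authorize?'.$query);
});

// Steps 3-5: passport.test redirects back with ?code=...&state=...; the code
// is swapped for tokens server-to-server and the tokens stay in the session.
Route::get('/oauth/callback', function (Request $request) {
    $state = (string) $request->session()->pull('oauth_state', '');
    abort_unless($state !== '' && hash_equals($state, (string) $request->query('state')), 403);

    $tokens = Http::asForm()->post(PASSPORT_URL.'/oauth/token', [
        'grant_type'    => 'authorization_code',
        'client_id'     => config('services.passport.client_id'),
        'client_secret' => config('services.passport.client_secret'),
        'redirect_uri'  => CALLBACK_URL,
        'code'          => $request->query('code'),
    ])->throw()->json();

    storeTokens($request, $tokens);

    return redirect('/orders');
});

// Step 6: call consumerapp2.test with the stored bearer token, refreshing it
// first if it is about to expire (the "(*)" steps are skipped on later requests).
Route::get('/orders', function (Request $request) {
    $oauth = $request->session()->get('oauth');
    abort_unless($oauth, 401);

    if (now()->timestamp >= $oauth['expires_at'] - 60) {
        $oauth = storeTokens($request, Http::asForm()->post(PASSPORT_URL.'/oauth/token', [
            'grant_type'    => 'refresh_token',
            'refresh_token' => $oauth['refresh_token'],
            'client_id'     => config('services.passport.client_id'),
            'client_secret' => config('services.passport.client_secret'),
            'scope'         => 'read-orders',
        ])->throw()->json());
    }

    return Http::withToken($oauth['access_token'])
        ->get('https://consumerapp2.test/api/orders')
        ->throw()
        ->json();
});

// Keep the token response server-side: the browser only ever holds the Laravel
// session cookie, never the access_token or refresh_token themselves.
function storeTokens(Request $request, array $tokens): array
{
    $oauth = [
        'access_token'  => $tokens['access_token'],
        'refresh_token' => $tokens['refresh_token'],
        'expires_at'    => now()->addSeconds($tokens['expires_in'])->timestamp,
    ];
    $request->session()->put('oauth', $oauth);

    return $oauth;
}

// ---- consumerapp2.test : app/Http/Middleware/VerifyPassportToken.php -------
// Step 7: no Passport here. The bearer token is forwarded to passport.test's
// auth:api-protected /api/user route; a revoked or expired token gets a 401
// there, so the caller gets a 401 here.
class VerifyPassportToken
{
    public function handle(Request $request, Closure $next)
    {
        $token = $request->bearerToken();
        abort_unless($token, 401);

        $user = Http::withToken($token)->acceptJson()->get(PASSPORT_URL.'/api/user');
        abort_unless($user->successful(), 401);

        $request->attributes->set('oauth_user', $user->json());

        return $next($request);
    }
}
```

Register the middleware on consumerapp2's `/api/orders` route and it will only serve requests whose token passport.test still accepts. Two caveats: the `/api/user` round trip tells consumerapp2 who the token belongs to but not which scopes it carries, so if scopes matter the scope check belongs on passport.test or in a small introspection endpoint you add there; and the `state` check in the callback is the part most often left out, which is exactly what lets an attacker plant their own authorization code in a victim's session.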