Reputation: 103
Best way to authenticate and identify individual screens in a Laravel API using Passport
I'm fairly new to Laravel, and I'm working on a project for independent restaurants to have ordering screens (similar to those at McDonald's).
This is an API-based application, and I'm using Laravel Passport to authenticate users. A restaurant manager can add multiple screens, and I want the workflow for adding a new screen to be as follows:
- The manager logs into their account.
- They add a new screen through the system.
- They go to the physical screen and open the login page in a browser.
- They authenticate the screen.
- The screen then starts displaying the menu.
The screen will use a webpage to show the menu and communicate with the API.
I was considering using a Personal Access Token (PAT), but I’m unsure whether I can "forward" the token from the manager’s device to the screen securely. I don’t think I can use a Client Credentials Token since I need to identify which screen is making API requests.
Question:
What would be the best approach to authenticate and identify individual screens in this scenario? Are there better authentication mechanisms I should consider?
Thanks for your help!
Upvotes: 0
Views: 30
Answers (0)
Related Questions
- Laravel Passport API: createToken get id
- How to logout a user from API using laravel Passport
- Issue with creating an API with laravel and laravel passport
- Laravel 5.6 - Passport JWT httponly cookie SPA authentication for self consuming API?
- Laravel API Authentication (Passport) Implicit Grant Tokens - 401 error
- Laravel Passport: use api guard for passport specific routes
- Laravel Passport API: Retrieve Authenticated Token
- Laravel and Passport, random 401 errors