Laravel – Passport – Single Page Application – Implicit grant token
I’m creating an API with Laravel.
First, I want to use it with a SPA in react, managed by Laravel (same domain than my API). Later, I want the API to be able to use with an Android App.
For now, I’m just trying to auth a user. I try to use passport, because with it I will be ready for the Android App.
I understand, because of it’s a SPA, I can’t store a oauth client secret in JS so I have to use “Implicit grant token”.
My app have a route /redirect for access to the login page. From the login page, the user should be able to give an email/password. And now, I just don’t understand what is next.
I think, on submit from the login page, the SPA must call my auth API for try to check the email/password. If it success, my API must return an access_token. With the access_token I can call every protected routes of my API.
Is it correct ? If yes, why I have to use the /redirect route ? I don’t understand how I can create an access_token with passport. Can you help me ?
How can I use it without refresh_token ?
from Laravel Questions and Answers https://laravelquestions.com/laravel/laravel-passport-single-page-application-implicit-grant-token/
via Lzo Media
No comments:
Post a Comment