Search code examples
laravellaravel-passport

In which cases using of laravel passport gives some advantage?

I read https://laravel.com/docs/6.x/passport now and it is clear technically, but in which cases have I to use it to get advantage comparing with laravel native auth or jwt/auth I worked before?

1) In config/auth.php 'guards' we set which auth driver would be used in the app and it can be only 1 set. I mean we can not set passport and jwt/auth in 1 app?

2) Looks like passport can be used in case when we use blade page and form is submitted as we do in blade page as :

   <form method="POST" action="{{ route('register') }}">
       @csrf

I suppose there is no difference in blade forms definition using passport intead of native auth?

3) Also, passport can be used instead of jwt/auth in backend rest API and there is no difference in work of clients app using this backend rest API ?

4) Is passport better/has some advantage in both cases or it is just one more replacement?

5) Please give some examples in which passport can be used / got advantage of using it may be in some other app types?

Thanks!

Solution

  • Laravel Passport is a Laravel package that allows you to integrate the OAUTH2 protocol into your application.

    This means that when you want other services to retrieve user data from your application, or add data, they can request access for users. Users can give permissions for certain actions by clicking a button on the external site, logging in on their account on your Laravel site, and allowing access for the external service. Users are then redirected back to the other website, and after a few requests between the two servers, the external service now has the requested permissions to read or alter user data. This protocol is almost always used whenever you click "sign on with ..." since all large social media platforms have OAUTH2 integrations.

    To answer your questions:

    1. I believe this question: Laravel combine Passport authentication and normal authentication will answer your question.
    2. Passport sits on top of default Laravel auth and needs this to authenticate requests. So users still have to have an account on your site to allow other websites to access your account.
    3. There are big differences in how normal API auth works, and how Passport works. The biggest difference is that normal API auth should only be used for your site, not for external sites to fetch user data from your API. With OAUTH2, users can give certain permissions to websites, and using tokens, these external sites can perform certain actions on your site.
    4. If you want to allow other sites to fetch account information from your site, you should implement Passport, if not, then using Passport has no large advantages.
    5. Examples are things like Sign in with Google, or with Facebook, Twitter or GitHub, Even stackoverflow has an OAUTH2 implementation. Services can, for example, create new Facebook posts for a user, request all twitter posts from the last year or create a new issue in Github.