mardi 7 février 2017

Appropriate Passport(OAuth2) Grant type for login->authorize flow

I am building an application which exposes an REST API. The application has distributed plugins for various web platforms that can consume this API.

At first I've built my own auth protocol which is okay, but now I am converting to the more robust OAuth2 in the form of Laravel Passport.

I want the user to be able to click "Connect" on the plugin then:

  1. login/sign up pop up (eg. http://ift.tt/2k110Xq)
  2. authorise or not screen
  3. receive token via window.opener.postMessage

I want to avoid having the user(non-developer) create OAuth Clients.

Questions are:

  1. Should I use password grant token or refresh token?
  2. Is there a point for redirect_uri if my goal is to auto-close the auth window pop-up upon authorization?


from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2k0WdWe
via IFTTT
Publié par à
Libellés : ,

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)