Wednesday, 21 August 2019

Accessing APIs / Data in Laravel Passport from a Front-end Client

I am creating a niche community site+forum where users can sign up, log in, create posts and follow each other.

My tech stack consists of backend APIs in Laravel (using Laravel Passport), and a front-end in Vue.js / Nuxt.

I can access all the APIs through Postman, where I call http://localhost:8000/oauth/token to request the token (https://laravel.com/docs/master/passport#requesting-password-grant-tokens) and then subsequently, I call an API using the provided access_token / bearer token, like http://127.0.0.1:8000/api/v1/tags

My question is, do I NEED a full OAuth flow -- my front-end will indefinitely need access to the backend APIs / data in Laravel, but how does the client get access to the data without going through a 2-way handshake with each user session, which seems like overkill? Do I need a Password Grant Token, an Implicit Grant Token, a Personal Access Token, something else? How do I "whitelist" my front-end JavaScript client while also somewhat protecting my data from bad use?



from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/2ZihSwD
via IFTTT
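
The two Postman calls described in the question (a password grant token request, then a bearer-authenticated API call), written as JavaScript client code. This is an added example, not part of the original question: the credentials are placeholders, `fakeFetch` is a constructed stand-in for the backend so the code runs offline, and a single base URL is assumed for both calls.

```javascript
// Added example: the two Postman calls from the question as client code.
// Client id/secret, username and password are placeholders, not real values.
const BASE = 'http://localhost:8000';

// Step 1: form fields Passport's password grant expects at /oauth/token.
function buildTokenRequest({ clientId, clientSecret, username, password, scope = '' }) {
  const body = new URLSearchParams({
    grant_type: 'password',
    client_id: clientId,
    // In a browser bundle this value is readable by every visitor.
    client_secret: clientSecret,
    username, password, scope,
  });
  return {
    url: `${BASE}/oauth/token`,
    init: {
      method: 'POST',
      headers: { Accept: 'application/json', 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Step 2: call the API with the bearer token returned by step 1.
async function getTags(fetchImpl, creds) {
  const { url, init } = buildTokenRequest(creds);
  const tokenRes = await fetchImpl(url, init);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token: token } = await tokenRes.json();
  const apiRes = await fetchImpl(`${BASE}/api/v1/tags`, {
    headers: { Accept: 'application/json', Authorization: `Bearer ${token}` },
  });
  if (!apiRes.ok) throw new Error(`API call failed: ${apiRes.status}`);
  return apiRes.json();
}

// Constructed stand-in for the Laravel backend so the example runs offline.
async function fakeFetch(url, init = {}) {
  const reply = (status, data) => ({ ok: status < 400, status, json: async () => data });
  if (url.endsWith('/oauth/token')) {
    const form = new URLSearchParams(init.body);
    return form.get('password') === 'secret'
      ? reply(200, { token_type: 'Bearer', access_token: 'constructed-token' })
      : reply(400, { error: 'invalid_grant' });
  }
  const ok = (init.headers || {}).Authorization === 'Bearer constructed-token';
  return ok ? reply(200, [{ id: 1, name: 'laravel' }]) : reply(401, { message: 'Unauthenticated.' });
}
```

In a real front-end, pass the browser's `fetch` as `fetchImpl` instead of `fakeFetch`.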
