I am developing a Laravel API for a mobile application and decided to use Passport for authorization. I have not quite figured out some points.

  1. As I understand it, Passport implements an OAuth server. It also provides an interface on Vue.js for creating clients and issuing tokens. But it's not entirely clear who these users are who will create OAuth clients and use the interface. Are these resource administrators or real users of a mobile application?

  2. What should my API be: a third-party Passport client, or a single resource? I noticed that in many tutorials people implement Passport next to the API. Is this normal?

The ultimate goal of what I want to achieve is to create an authorization system through the API, without mixing in the Web component, and most of Passport's routes have the web, auth middleware.

I would be grateful for the advice.

    1 answer

    create an authorization system through the API, not mixing the Web component, and most of Passport's routes have the web, auth middleware.

    You have trouble understanding the OAuth protocol. On the contrary, it redirects the user to the authorization form (web) of the parent service, and the user enters personal data there, not in third-party applications. It then issues the tokens with which you can get access.

    If your application directly requests authorization data from the client, try https://gistlog.co/JacobBennett/090369fbab0b31130b51 (Bearer Auth)
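
The redirect-based flow described in the answer, as a small language-neutral Python model added here (it is not code from the question, the answer or Passport). It shows that the client app only ever handles the redirect and the token, never the password; `AuthorizationServer`, `run_flow`, `mobile-app` and `app://callback` are constructed names, and client authentication at the token step is left out for brevity.

```python
import hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

CLIENT_ID, REDIRECT_URI = "mobile-app", "app://callback"  # constructed values

class AuthorizationServer:
    """Toy model of the 'parent service'; not Passport's implementation."""
    def __init__(self, users, clients):
        self._users, self._clients = users, clients  # user->password, client_id->redirect_uri
        self._codes, self._tokens = {}, {}

    def authorize(self, client_id, redirect_uri, state, username, password):
        """The service's own login form: the only place the password is typed."""
        if self._clients.get(client_id) != redirect_uri:
            raise PermissionError("unknown client or redirect_uri")
        stored = self._users.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, username, time.time() + 60)  # short-lived
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, redirect_uri, code):
        """Exchange a code for a token (client secret / PKCE check omitted)."""
        owner, username, expires = self._codes.pop(code, (None, None, 0))  # single use
        registered = self._clients.get(client_id) == redirect_uri
        if owner != client_id or not registered or time.time() > expires:
            raise PermissionError("invalid code")
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = username
        return access_token

    def whoami(self, bearer_token):
        """Protected API call authorised by 'Authorization: Bearer <token>'."""
        if bearer_token not in self._tokens:
            raise PermissionError("invalid token")
        return self._tokens[bearer_token]

def run_flow(server, username, password):
    """Return (token, everything the client app handled during login)."""
    state = secrets.token_urlsafe(16)  # client-generated anti-CSRF value
    # Browser step, outside the client: the user submits the service's login form.
    redirect = server.authorize(CLIENT_ID, REDIRECT_URI, state, username, password)
    # Client step: it receives only the redirect back to its registered URI.
    query = parse_qs(urlsplit(redirect).query)
    if not hmac.compare_digest(query["state"][0], state):
        raise PermissionError("state mismatch")
    token = server.token(CLIENT_ID, REDIRECT_URI, query["code"][0])
    return token, [redirect, token]
```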