OAuth


Recommended grant types

Authorization Code Grant with PKCE (Proof Key for Code Exchange)

  • single-page applications
  • browser-based applications
  • native (mobile and desktop) applications
  • these are public clients that cannot keep a client secret; PKCE binds the authorization code to the client instance that started the flow, so an intercepted code cannot be redeemed without the matching code_verifier. The OAuth 2.0 Security BCP (RFC 9700) recommends PKCE for confidential clients as well.
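The PKCE binding described above, worked through end to end. This is an added example for this page, not code from the league/oauth2-server project: the client side generates the code_verifier and S256 code_challenge and builds the authorization request, and a constructed toy authorization server (the class name, endpoints and client id are assumptions for illustration) stores the challenge with the issued code and refuses to redeem the code unless the presented verifier hashes to it, and refuses a second redemption of the same code.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """RFC 7636 section 4.1: 43..128 unreserved chars; 32 random bytes encode to 43."""
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(authz_endpoint: str, client_id: str, redirect_uri: str,
                            scope: str, state: str, challenge: str) -> str:
    """Front-channel request the browser is sent to; only the challenge leaves the client."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                     # CSRF binding, checked on the callback
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{authz_endpoint}?{urlencode(params)}"


def verify_code_challenge(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Server-side check at the token endpoint. Only S256 is accepted here ('plain' is rejected)."""
    if stored_method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return hmac.compare_digest(make_code_challenge(presented_verifier), stored_challenge)


class ToyAuthorizationServer:
    """Constructed stand-in for the authorization server; in-memory, single process."""

    def __init__(self) -> None:
        # code -> (client_id, redirect_uri, code_challenge, method)
        self._pending: dict[str, tuple[str, str, str, str]] = {}

    def issue_code(self, client_id: str, redirect_uri: str, challenge: str, method: str) -> str:
        """Called after the user consents; remembers the challenge alongside the code."""
        code = b64url(secrets.token_bytes(16))
        self._pending[code] = (client_id, redirect_uri, challenge, method)
        return code

    def redeem_code(self, code: str, client_id: str, redirect_uri: str, verifier: str):
        """Token endpoint: the code is single-use and must match client, redirect_uri and verifier."""
        entry = self._pending.pop(code, None)   # pop makes the code single-use
        if entry is None:
            return None
        exp_client, exp_redirect, challenge, method = entry
        if client_id != exp_client or redirect_uri != exp_redirect:
            return None
        if not verify_code_challenge(challenge, method, verifier):
            return None
        return {"access_token": b64url(secrets.token_bytes(24)), "token_type": "Bearer"}


if __name__ == "__main__":
    # Assumed names for the walkthrough.
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    print(build_authorization_url("https://as.example/authorize", "spa-client",
                                  "https://app.example/cb", "openid profile",
                                  b64url(secrets.token_bytes(16)), challenge))
    server = ToyAuthorizationServer()
    code = server.issue_code("spa-client", "https://app.example/cb", challenge, "S256")
    # An attacker who only captured the code from the redirect has no verifier.
    print("stolen code without verifier:", server.redeem_code(code, "spa-client", "https://app.example/cb", "x" * 43))
```

A code stolen from the redirect (the classic authorization-code interception on a native app) fails at `redeem_code` because the attacker never saw the verifier; the legitimate client, which kept the verifier in memory, succeeds exactly once.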

Authorization Code Grant

  • server-side (confidential) applications that can keep a client secret; the code is exchanged for tokens in a back-channel request from the server, so the access token never passes through the browser.

Client Credentials Grant

  • machine-to-machine authentication with no user involved; the client authenticates with its own credentials and receives an access token that represents the client itself.

Personal Access Tokens

  • users issue access tokens to themselves (for example, for scripts or CLI tools)
  • WITHOUT the authorization code redirect flow; treat them like passwords: scope them narrowly and give them an expiry.

Grant types no longer recommended

Password Grant Tokens

  • first-party clients
    • for example a mobile application that obtains an access token directly from the user's email address / username and password.
  • Prefer the Authorization Code flow (with PKCE) over the Password grant: the client handles the user's raw credentials, the flow cannot accommodate MFA or federated login, and the OAuth 2.0 Security BCP (RFC 9700) says the password grant must not be used.

Implicit Grant Tokens

  • JavaScript or mobile applications where the client credentials CAN’T be securely stored
  • the access token is returned to the client in the redirect URL fragment without exchanging an authorization code, so it is exposed to browser history, referrer leakage and token injection; the Security BCP advises against it. Use Authorization Code with PKCE instead.

Question

Which OAuth 2.0 grant should I implement?

https://oauth2.thephpleague.com/authorization-server/which-grant/

Reference

  • OAuth 2.0