vendredi 29 juin 2018

Laravel Passport - which grant to use for my users apps?

I have application where users can register and add their own applications (websites, mobile applications).

For each of these applications, I want to give access to my API and allow to get products form my database.

For example: User X signup in my app, adds his blog user-X-blog.com and get access token. Next he can call to my API and get some products to show on his blog post.

Which grant should I implement to make my API based on Laravel Passport safe and useful (each user application with its own token, no user login required to make api call, long-lived tokens)?

Is it good idea to create for each user apps dedicated client and use client credentials grant? It doesn't look very safe for me (or maybe I'm wrong).



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire