Right now I have a frontend written in Vue.js and a backend in Laravel. In the frontend I have registration and login, which send a request to /api/auth/login,
which runs the login function, where I use the client_secret from the config file, which is perfect.
But the main problem is that my backend sends a cURL request to the same server (and I think this is wrong and time-consuming):
1. Frontend sends a POST request to /api/auth/login (username, password)
2. Backend sends a cURL request to /api/oauth/token (username, password, client_secret)
Is there any better way of doing this to hide the client_secret, or to get the OAuth token directly from /api/auth/login?
Login function code:
    // At the top of the controller file:
    use GuzzleHttp\Client;
    use GuzzleHttp\Exception\BadResponseException;

    // Inside the login method:
    $http = new Client([
        'verify' => true, // Keep TLS certificate verification on; false accepts any certificate
        'timeout' => 5, // Response timeout
        'connect_timeout' => 5, // Connection timeout
    ]);
    try {
        // Password grant: client_id and client_secret stay server-side in config
        $response = $http->post(config('services.passport.login_endpoint'), [
            'form_params' => [
                'grant_type' => 'password',
                'client_id' => config('services.passport.client_id'),
                'client_secret' => config('services.passport.client_secret'),
                'username' => $request->username,
                'password' => $request->password,
            ]
        ]);
        return $response->getBody();
    } catch (BadResponseException $e) {
        // Map 4xx/5xx responses from the token endpoint to a generic message
        $msg = 'Something went wrong on the server';
        switch ($e->getCode()) {
            case 400:
            case 401:
                $msg = 'Your credentials are incorrect. Please try again.';
                break;
        }
        return response()->json($msg, $e->getCode());
    }
via Chebli Mohamed