3
Personal,
I’m looking to develop a PHP API (Laravel) to consume it both on my SITE (angular) and on the mobile applications I’m still developing. However, I am having trouble implementing a secure authentication that allows updating user session time.
I already did a search and noticed that the staff recommends using OAUTH 2 with Grant type PASSWORD or IMPLICIT. However, since it is a javascript application, I cannot make client_secret available, making Grant type PASSWORD impossible. I could not use Grant type IMPLICIT either, because of the absence of REFRESH_TOKEN (which also needs to pass client_secret).
I cannot think of a solution to the problem and I count on the support of the community to find a solution.
Note: Only applications developed by me can access the API resources.
Do you know the JWT (JSON Web Tokens)? I recommend you to do a search, it seems that it would work for your project
– wdarking
You can help: https://laravel.com/docs/5.3/passport
– gmsantos
With the launch of Laravel 5.3, it became much easier, as the colleague above quoted you find everything you need in the manual.
– geekcom
But... if you prefer to go your own way, I recommend two libraries I’ve been using for a long time: JWT - https://github.com/tymondesigns/jwt-auth e Guzzle, PHP HTTP client - https://github.com/guzzle/guzzle
– geekcom