What is a Laravel Passport?
The Laravel Passport is a package provided by the Laravel community that transforms your Laravel application into an OAuth 2.0 Server. With Laravel Passport you can use just one set of credentials to login into your OAuth-compliant applications using the Laravel website’s credentials.
Passport or Sanctum Authentication
When looking out for authentication methods, you need to be sure about the approach that you wish to go for. Here is a brief about both Laravel Passport and Laravel Sanctum libraries to help you choose which one would be the best for you.
Laravel Passport is an OAuth server implementation that provides OAuth authorization for your application. In contrast, Laravel Sanctum is an authentication library that provides cookie-based authentication for Single page applications as well as "simpler" token-based authentication for OAuth clients that require it (e.g., mobile apps).
miniOrange Passport Add-On
To use the Laravel Passport package by Laravel, one has to do manual configurations, which is a tedious process. The miniOrange Laravel Passport Add-On is an automated solution to convert the Laravel website into an OAuth 2.0 Server without any manual configuration, unlike passport.
It also provides you with additional endpoints like user info endpoint (automatically provided in the package like the passport), OpenID connect endpoint (well-known endpoint), etc.
User-info Endpoint
The UserInfo endpoint is an OAuth 2.0 protected resource from which client applications can fetch assertions, or consented claims, about the logged-in end-user. It accepts the access token as the Bearer token in the Authorization header and validates it.
It then fetches the user information corresponding to the access token and returns it as a JSON response. The client application then uses this information for user lookup, user update, and session creation.
OpenID Connect well-known Endpoint
The OpenID Connect well-known endpoint can be used to get metadata about your Identity Server which will return information about the OAuth/OpenID endpoints, issuer URL, supported grant types, supported scopes, and key material along with claims in the JSON format.
These details can be used by the clients to create an OpenID server request. The well-known configuration URL is accessible via /.well-known/openid-configuration, in relation to the issuer URL.
How does the package work?
- Get the Laravel Passport Add-On, by contacting us at laravelsupport@xecurify.com.
- Install the Laravel Passport Add-On, which will automatically do all the configurations required (hence automating the manual configurations).
- Then you can create any number of OAuth clients by providing the Redirect/callback URL from your client application.
- You will then be provided with the Client ID and Client Secret which you can configure in your client application and get your OAuth implementation working.
- The Userinfo endpoint will be used to get information regarding the logged-in user for further use.
Prerequisites: You should have the Laravel Passport package installed in your project directory
You can get OAuth Server implementation working by following the below steps:
Get in Touch With Us
Need Help? We are right here!
