Add a Laravel Passport Provider #157
Conversation
|
I ended up copying most of the |
|
naming this |
|
That is a good point. I would hesitate to call it |
|
I vote for |
| @@ -99,6 +99,7 @@ export default class Oauth2Scheme { | |||
| const data = await this.$auth.request({ | |||
| method: 'post', | |||
| url: this.options.access_token_endpoint, | |||
| baseURL: false, | |||
There was a problem hiding this comment.
This may introduce breaking changes! Why we need to disable axios baseURL?
There was a problem hiding this comment.
So currently, if you add a baseURL to the main axios module config it will prepend it to all request to relative paths. If you provide a full URL, this is ignored.
For hitting external sites like Google or Facebook, the baseURL is ignored because they would use a full URL. However, with the addAuthorize method, we add a serverMiddleware that will append the client secret and proxy the authentication request. If there is a baseURL set in the axios module config, this request will go to that URL instead of the nuxt.js server. Setting baseURL: false just tells axios to ignore the default baseURL and send it relative to the current page.
Basically, if we are serving our site from example.com and axios has baseURL: 'api.example.com' set, the auth request would go to something like api.example.com/_auth/oauth/passport/authorize which may or may not exist. If we set the baseURL to false, the auth request would go to example.com/_auth/oauth/passport/authorize where the Nuxt server would handle it with the serverMiddleware.
There was a problem hiding this comment.
Thanks for detailed explanation. Seems reasonable.
|
@pi0 I beg to differ about adding a Laravel Passport provider into the core of the module. IMHO - we should only maintain and integrate well-known authentication providers. I feel like that solutions like Laravel Passport are meant to be extensible and have many edge cases even if it is built upon OAuth. This will introduce some complexity in our maintenance process for multiples reasons (Laravel Passport updates, users using customized responses, there multiples ways to interact with authentication through JavaScript using Laravel Passport and it is going to lead to issues asking us on how to integrate it further). I won't be surprised if Laravel Passport implement new authentication flows in the future. |
|
@breakingrobot Laravel Passport is built on league/oauth2-server which should be OAuth 2.0 spec compliant. The more I think about it, it might be better to update the oauth2 scheme (and maybe the local scheme?) to automatically use |
|
@breakingrobot I agree about complexity level of maintenance when adding more and more providers. But laravel-passport is a well-known one and if they (at least try to) implement oauth2 spec. that decreases chances of breaking changes. |
|
@jmschneider Thanks for your contribution on laravel integration. However we can do more refactors, I will merge it to see the users feedback. BTW more docs and maybe pointing to a starter template would be more than awesome. We can transfer starter template to |
This would add a "passport" provider for easy integration with Laravel Passport.