
I am learning the Laravel 5.4 API authorization chapter. I have a question about password grant tokens. The doc says this is for my other first-party clients. Now I have built an API service that uses OAuth2, and I want to build my front-end website using password grant tokens. So in my understanding, for login I will send an AJAX request including username, password, grant_type, client_id, client_secret and scope to /oauth/tokens to get an access token. Should I just put the client secret in my JS code directly? Because if not, I don't know where to store my client secret. Can someone help me? Thanks.

Anar Bayramov
DengDeng
  • I think this question should help you: http://stackoverflow.com/questions/24724238/how-do-client-side-js-libraries-for-oauth2-maintain-secure-authentication – cre8 May 08 '17 at 09:26

1 Answer


Laravel Passport requires an understanding of OAuth, so I think it is better to understand it first before using Passport.

So in my understanding, like login, I will send an ajax request including username,password,grant_type,client_id,client_secret,scope to /oauth/tokens to get access token

Please take a look at this. (Image from the original answer not preserved.)

Should I just put client secret in my js code directly

Yes. To explain briefly, once you have installed Laravel Passport, it will generate tables in your database; you will use the oauth_clients table to store the data for clients.

For simple authentication like getting information, you only need the oauth_clients.id, oauth_clients.secret and oauth_clients.redirect data. You can create new data by using php artisan passport:client.

I recommend trying it; you will soon encounter problems that can easily be fixed. Good luck.

https://laravel.com/docs/5.4/passport

Vandolph Reyes
  • Please explain the reasoning for including the client secret in front-end JavaScript code, as every other article / book I have read strongly advises against this for security reasons. – whitwhoa Sep 13 '17 at 16:03
  • In general, you should NOT include the client secret, not even the client id, in any code (or binaries that can be decompiled) that is delivered to your users/customers/etc. – Johannes Trümpelmann Sep 15 '17 at 09:10
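As an added example (not code from the question, the answer, or Laravel Passport itself), this is the password-grant exchange the question describes, performed by a server-side login route so that the client secret stays in the server's configuration and is never shipped in JavaScript. The route path, the `services.passport.*` config keys and the use of `config('app.url')` to reach the token endpoint are assumptions; Passport's token endpoint is `/oauth/token`.

```php
<?php
// routes/web.php in a Laravel 5.4 app with Passport installed (added example,
// not from the page). The browser posts only username and password here; this
// route adds the password-grant client credentials itself, server-side.

use Illuminate\Http\Request;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;

Route::post('/login', function (Request $request) {
    $username = $request->input('username');
    $password = $request->input('password');

    if ($username === null || $password === null) {
        return response()->json(['error' => 'username and password are required'], 422);
    }

    // Assumed config keys: map them in config/services.php to .env values so the
    // secret lives only on the server, never in JS and never in a response body.
    $clientId     = config('services.passport.client_id');
    $clientSecret = config('services.passport.client_secret');

    try {
        // Same fields the question lists, but sent server-to-server to Passport's
        // token endpoint (/oauth/token) rather than from the browser.
        $response = (new Client())->post(config('app.url') . '/oauth/token', [
            'form_params' => [
                'grant_type'    => 'password',
                'client_id'     => $clientId,
                'client_secret' => $clientSecret,
                'username'      => $username,
                'password'      => $password,
                'scope'         => '',
            ],
        ]);
    } catch (ClientException $e) {
        // Passport answers 4xx on bad credentials; do not forward its body, which
        // would tell the browser whether the client or the user credentials failed.
        return response()->json(['error' => 'invalid credentials'], 401);
    }

    $token = json_decode((string) $response->getBody(), true);

    // Return only what the front end needs; the client secret never leaves the server.
    return response()->json([
        'access_token' => $token['access_token'],
        'token_type'   => $token['token_type'],
        'expires_in'   => $token['expires_in'],
    ]);
});
```

The front end then calls this route with only the user's credentials (over HTTPS) and receives an access token, while the Passport client row created by `php artisan passport:client` is referenced exclusively by the server.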