0

i'm building a WEB API with laravel and output only JSON. right now i'm struggling with authentication process, my question is:

  1. if i use JWT do i need OAuth2.0?

  2. if i use JWT do i need to make a view / layout for user to POST the login credential then set the Bearer token? if no need to provide a login screen then how can we get the login credential from user?

  3. if i use JWT what is the standard TTL duration for real world api?

  4. if i use JWT how can i passing the "refreshed token" to the HTTP Header Authorization, without using JS? (because i only output the JSON response then i think there is no space for javascript "< script >" tag to be in place.)

i am using postman to test my API so i really confuse about what or how to push the project into real world. PLEASE REALLY..., PLEASE correct me if i'm wrong developing the API and if there is any source of reading material please tell me the links. Thank you very much.

JSON4Live
  • 405
  • 1
  • 4
  • 13
  • This should help you. If you use JWT, then this has nothing to do with Oauth, they are 2 different things. https://stackoverflow.com/questions/32964774/oauth-or-jwt-which-one-to-use-and-why/32965033#32965033 – Gravy Jun 21 '17 at 08:57

1 Answers1

1
  1. No.
  2. No, you can send json fields.
  3. No standard TTL duration, you can set what you like.
  4. You can issue a request with HTTP Header Authorization in PHP.
Cong Chen
  • 2,436
  • 12
  • 21