52

I am kind of confused about recognizing the discrepancy between Laravel Passport and tymondesigns/jwt-auth package. Do they actually serve the same purpose of API authentication via tokens? As long as Laravel Passport was introduced in 5.3+, is one supposed to use Passport instead of tymondesigns/jwt-auth package in the latest versions?

Shahroq
  • 969
  • 1
  • 8
  • 15

2 Answers2

79

The "tymondesigns/jwt-auth" is a PHP Laravel implementation of the JWT protocol. On the other hand, Passport also uses JWT by default plus a huge extra, a complete Oauth2 implementation. Regarding the functionality, as I said they both use JWT thus you can use whichever you like to authentication via tokens. They both do their job and you'll have a secure API tokens implementation.

The difference comes if you would like a lightweight API tokens implementation or the plus of the Oauth2 server to allow more and other apps to communicate with your app. One of the most common cases would be how some random apps ask Google or Facebook for your user information. If you implement the Oauth2 server your app would allow any other app with a proper token to ask for data from your app.

"[...] Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Passport is built on top of the League OAuth2 server that is maintained by Alex Bilbie." from https://laravel.com/docs/master/passport

For more details, I have made an explanation of Laravel Passport, JWT, Oauth2, and Auth0.

ibitebyt3s
  • 2,992
  • 2
  • 15
  • 25
  • 1
    If i build SPA, without third party apps, do i need all this OAuth or what? Cannot understand what to use, or simple ajax with cookies is ok? I making admin dashboard with reacts. Thanks! – andymcgregor May 09 '18 at 19:56
  • 9
    How exactly is Laravel/Passport more secure than tymondesigns/jwt-auth? – Texas Tom May 15 '18 at 18:39
  • @teMkaa First than anything, I'm have never built a webpage as how you want to build it. Though I understand the problem and the required skills. Taking that into account... I would take the Ajax route because I assume you have already implemented the Auth with the default Laravel Auth. With that method you will have IMO the most straight forward way . This is good or bad depending on the grade you want to scale your app. With Passport you will have a very fast scaling option and pretty much the same process of verification. JWT is not an option because you already have other type of auth. – ibitebyt3s May 16 '18 at 06:09
  • 1
    @TexasTom after thinking for a while I now believe that they offer if not the same, a very high level of security. They both use JWT (One is JWT). They are community maintained. They both depend in you for its security. I'll edit the answer with the proper changes. Thanks for the details question :) – ibitebyt3s May 16 '18 at 06:17
  • 1
    Thank you. A simple explaination. – Adam Apr 26 '22 at 18:01
0

2021, Dec. Laravel Passport does not sopport PHP 7.4. "psr/log" demands PHP 8. In case of PHP 7.4, use other solutions than Laravel Passport.

Andreas
  • 247
  • 4
  • 12