Hey, this is me trying to briefly lay out a practical demo of the OAuth 2.0 framework as implemented by the League OAuth2 Server and built upon by Laravel Passport.
OAuth is simply a token-based authorization framework; the current standard is OAuth 2.0.
Primarily, it permits a client to access protected resources with the help of tokens. How the client obtains this token and how the resource server processes it may differ, depending on the use case.
With the League OAuth2 Server, there are basically 5 ways a token can be issued.
- Authorization code grant approach - further divided into
  - Standard Approach
  - PKCE Approach
- Client credentials grant approach
- Implicit grant approach
- Resource owner password credentials grant approach
- Refresh grant approach
For more on the terminology and use cases, you can check out its documentation at https://oauth2.thephpleague.com/
For this demo, I will be using the Authorization code grant (Standard Approach).
For Demo purposes only. Emphasis was not placed on security on my end.
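
The client side of the authorization code grant (Standard Approach), as an added sketch in plain PHP that is not code from this demo. It assumes Passport's default `/oauth/authorize` and `/oauth/token` routes; the server URL, client id, redirect URI, code and secret are constructed placeholders.

```php
<?php
// Added example, not part of the demo project. All values are constructed.
const AUTH_SERVER  = 'https://auth.example.test';            // assumed server
const CLIENT_ID    = '3';                                    // assumed client id
const REDIRECT_URI = 'https://client.example.test/callback'; // assumed callback

// Step 1: send the user to the authorization endpoint with an unguessable state.
function buildAuthorizationUrl(string $state): string
{
    return AUTH_SERVER . '/oauth/authorize?' . http_build_query([
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'response_type' => 'code',
        'scope'         => '',
        'state'         => $state,
    ]);
}

// Step 2: on the callback, verify state (CSRF check) before using the code.
function extractCode(array $query, string $expectedState): string
{
    $state = $query['state'] ?? null;
    if (!is_string($state) || !hash_equals($expectedState, $state)) {
        throw new RuntimeException('state mismatch: callback rejected');
    }
    if (!isset($query['code']) || !is_string($query['code']) || $query['code'] === '') {
        throw new RuntimeException('no authorization code in callback');
    }
    return $query['code'];
}

// Step 3: form fields the client POSTs to /oauth/token to get the tokens.
function buildTokenRequest(string $code, string $clientSecret): array
{
    return [
        'grant_type'    => 'authorization_code',
        'client_id'     => CLIENT_ID,
        'client_secret' => $clientSecret, // kept server-side, never in the browser
        'redirect_uri'  => REDIRECT_URI,  // must match the value from step 1
        'code'          => $code,
    ];
}

$state = bin2hex(random_bytes(20)); // would be stored in the user's session
echo buildAuthorizationUrl($state), "\n";
$code = extractCode(['code' => 'constructed-code', 'state' => $state], $state);
print_r(buildTokenRequest($code, 'constructed-secret'));
try {
    extractCode(['code' => 'constructed-code', 'state' => 'forged'], $state);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n"; // the forged callback never reaches step 3
}
```
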
MIT License