Setup OAuth on the acceptance environment for the Repair Tool

[cyrildewit]

Analysis

There are different grant types available to authorise users to the REST API. Which one should we use for the authorisation flow of the Repair Tool.

Acceptance criteria

• Best security practises should be followed.
• Authorisation method should be similar to how users can sign in/up for the web application.

Resources

• https://oauth2.thephpleague.com/authorization-server/which-grant/.
• https://www.scottbrady91.com/oauth/client-authentication-vs-pkce
• https://developers.onelogin.com/openid-connect/guides/auth-flow-pkce

Advice

The grant type that we will use to authorise users from the Repair Tool will be Authorization Code Grant with PKCE. The legacy alternative would be Password Grant, but this is not recommended anymore. See https://oauth2.thephpleague.com/authorization-server/which-grant/.

This flow is considered best practice when using Single Page Apps (SPA) or Mobile Apps. From Onelog.com

Design

Realisation

Tasks

• [x] Create OAuth client for the Repair Tool on the acceptance environment. Run php artisan passport:client