cretueusebiu / laravel-vue-spa

A Laravel-Vue SPA starter kit.
https://laravel-vue-spa.cretueusebiu.com
MIT License
3.04k stars 961 forks

get ready for the new Taylor package #231

Closed ghost closed 3 years ago

ghost commented 4 years ago

https://github.com/laravel/airlock JWT is going to the past, also it makes simple refresh tokens ))))

nandi95 commented 4 years ago

Can you elaborate on what the benefit is of changing to airlock from the jwt-auth package?

ghost commented 4 years ago

nope ) this is soft from the box, appropriate support in example

yurii-github commented 4 years ago

this "airlock" will go "poooof" because no one in sane mind would change oauth2.0 on some crap like that

AngelinCalu commented 4 years ago

@yurii-github this repo uses https://github.com/tymondesigns/jwt-auth which has 440 open issues at the moment. When talking about changing "oauth2.0 on some crap like that" I supposed you were thinking about laravel/passport, which is a full OAuth2 server implementation.

laravel/airlock proposes two ways of going for a SPA behavior: stateful or stateless depending on the needs, so that's definitely something to consider.

yurii-github commented 4 years ago

e-em, no. JWT is JWT, I personally will use directly "firebase/php-jwt" package after I get this SPA template to work in dev mode somehow... hopefully :/

No, I have not used "passport" but it looks like a good wrapper.

About "stateful or stateless" - can you show me at least one use case for it, I see none. JS works with session w/o problem, etc. About state.. SPA loads once and its state is on client, that's the main purpose of SPA

AngelinCalu commented 4 years ago

About JWT: AFAIK "laravel/passport" is built on top of "firebase/php-jwt": https://github.com/laravel/passport/blob/4c163b7821d29b6166fc2e93ad7649428b51c6db/composer.json#L19

Haven't found time to test it, but as I understood, Airlock is taking a different approach. When having your front-end served from the same server (basically when you don't have to think about CORS - same approach as in this package) you can use your basic auth flow like in a MPA (session based), and use Airlock to supply the csrf token for you, so that you won't need to refresh the page to get a fresh one.
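
The client side of the session-plus-CSRF-token flow described in the comment above, as an added example that is not part of the thread or of either package. It assumes Laravel's convention of an `XSRF-TOKEN` cookie echoed back in an `X-XSRF-TOKEN` header; `readCookie`, `buildRequest`, the origin and the cookie values are hypothetical names and constructed sample data.

```javascript
// Added example, not from the thread. Assumes Laravel's convention: the server
// sets an XSRF-TOKEN cookie and expects its URL-decoded value in X-XSRF-TOKEN.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Constructed sample of a document.cookie string (token value is made up).
const SAMPLE_COOKIES = "theme=dark; XSRF-TOKEN=eyJpdiI6ImFiYyJ9%3D%3D; lang=en";

// Return the URL-decoded value of one cookie, or null if it is absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build the URL and fetch() options for a call from a page at pageOrigin.
function buildRequest(method, url, pageOrigin, cookieString, body) {
  const target = new URL(url, pageOrigin);
  const verb = method.toUpperCase();
  const headers = { Accept: "application/json" };
  // "same-origin" sends the session cookie only to the page's own origin.
  const init = { method: verb, headers, credentials: "same-origin" };
  if (body !== undefined) {
    headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  if (!SAFE_METHODS.has(verb)) {
    // State-changing requests carry the token; never hand it to another origin.
    if (target.origin !== pageOrigin) {
      throw new Error("refusing to send CSRF token to " + target.origin);
    }
    const token = readCookie(cookieString, "XSRF-TOKEN");
    if (token === null) {
      throw new Error("no XSRF-TOKEN cookie: fetch the CSRF cookie first");
    }
    headers["X-XSRF-TOKEN"] = token;
  }
  return { url: target.href, init };
}

const login = buildRequest("POST", "/login", "https://app.example.test",
  SAMPLE_COOKIES, { email: "user@example.test" });
console.log(login.url, login.init.headers["X-XSRF-TOKEN"]);
```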

AngelinCalu commented 4 years ago

This article explains things pretty well: https://divinglaravel.com/authentication-and-laravel-airlock

scoliono commented 4 years ago

fyi, the package has been renamed to https://github.com/laravel/sanctum, seemingly on a whim.

jimohalloran commented 4 years ago

By "on a whim" you really mean, "because someone threatened a lawsuit".

https://blog.laravel.com/airlock-renamed-to-sanctum https://twitter.com/taylorotwell/status/1240672335004348420

cretueusebiu commented 3 years ago

I've published a new branch for Laravel Sanctum if you want to test it. Now I'm wondering if I should merge it in master or not... 🤔

cretueusebiu commented 3 years ago

Moving to #325