Closed Patskimoto closed 5 years ago
Can anyone shed any light on this?
+1 for this - I don't need the access token returned by Passport to be a JWT, just a standard access token/refresh token I can store with the client.
At the moment the access token which comes back is huge and therefore won't fit in a cookie.
It would be amazing if there was some way to configure passport to generate plain access tokens, the only reason I can think of why they are JWTs by default is so an app can consume itself using the Vue scaffolding as seen in this video: https://laracasts.com/series/whats-new-in-laravel-5-3/episodes/13
Laravel Passport uses the PHP League's OAuth 2.0 Server package underneath. When generating HTTP Responses when issuing access tokens, this packages automatically embeds the token in a JWT. Because of the way JWT is so connected and implemented in Passport I believe it would be very hard or even impossible to adapt it in a way that it could be used with plain access tokens.
So basically this is not something Passport will be supporting anytime soon, sorry.
From my understanding, Passport issues JWT tokens to the user - I keep seeing OAuth 2 examples with access tokens that are around 40 - 60 characters in length. Currently, my bearer tokens are around 1070 characters long, which is way more than I'd like. When creating my private & public key for passport I tried changing to the bit of the key to 1024 which reduced it to around 550 but from my understanding if I want a very short token I need to use a solution other than JWT. So my question is, is Passport explicitly tied to JWT tokens and with the Laravel Passport implementation is it in any-way possible to reduce the token size?
Thanks