Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

get ready for the new Taylor package #231

Closed
ghost opened this issue Jan 13, 2020 · 11 comments
Closed

get ready for the new Taylor package #231

ghost opened this issue Jan 13, 2020 · 11 comments
Labels
enhancement

Comments

@ghost
Copy link

ghost commented Jan 13, 2020
edited by ghost

https://github.com/laravel/airlock
jwt going to past
also it makes simple refresh tokens ))))
@nandi95
Copy link
Contributor

nandi95 commented Jan 13, 2020

Can you elaborate on what's the benefit of changing to airlock from the jwt-auth package?

@ghost
Copy link
Author

ghost commented Jan 13, 2020

nope )
this is soft from the box, appropriate support in example

@yurii-github
Copy link

this "airlock" will go "poooof" because noone in sane mind would change oauth2.0 on some crap like that

@AngelinCalu
Copy link

@yurii-github this repo uses https://github.com/tymondesigns/jwt-auth which has 440 open issues at the moment
When talking about changing "oauth2.0 on some crap like that" I supposed you were thinking about laravel/passport, which is a full OAuth2 server implementation.

laravel/airlock proposes two ways of going for a SPA behavior: stateful or stateless depening on the needs, so that's definitely something to consider.

@yurii-github
Copy link

e-em, no. JWT is JWT, I personally will use directly "firebase/php-jwt" package after I get this SPA template to work in dev mode somehow... hopefully :/

no, i have not used "passport" but it looks as a good wrapper.

About "stateful or stateless" - can you show me at least one use case for it, i see none. JS works with session w/o problem, etc.About state.. SPA loads once and its state is on client, that's the main purpose of SPA

@AngelinCalu
Copy link

About JWT: AFAIK "laravel/passport" is built on top of "firebase/php-jwt": https://github.com/laravel/passport/blob/4c163b7821d29b6166fc2e93ad7649428b51c6db/composer.json#L19

Haven't found time to test it, but as I understood, Airlock is taking a different approach. When having your front-end served from the same server (basically when you don't have to think about CORS - same approach as in this package) you can use your basic auth flow like in a MPA (session based), and use Airlock to supply the csrf token for you, so that you won't need to refresh the page to get a fresh one.

@AngelinCalu
Copy link

This article explains things pretty good: https://divinglaravel.com/authentication-and-laravel-airlock

@scoliono
Copy link

scoliono commented Mar 21, 2020
edited

fyi, the package has been renamed to https://github.com/laravel/sanctum, seemingly on a whim.

@jimohalloran
Copy link
Contributor

By "on a whim" you really mean, "because someone threatened a lawsuit".

https://blog.laravel.com/airlock-renamed-to-sanctum
https://twitter.com/taylorotwell/status/1240672335004348420

@cretueusebiu
Copy link
Owner

I've published a new branch for Laravel Sanctum if you want to test it.
Now I'm wondering if I should merge it in master or not... 🤔

@cretueusebiu
Copy link
Owner

Moving to #325

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@yurii-github @jimohalloran @cretueusebiu @scoliono @AngelinCalu @nandi95