Description
I've been working on a single page app that uses the API. Now I want to use the OAuth2 flow for single page apps, and from what I understand, the recommendation is to register a public client (one without a secret). Laravel Passport seems to have support for it, but in my Firefly-III installation, the secret is mandatory, so I can't create a public client.
Solution
Allow clients without secrets (ideally, force them to use PKCE).
What are alternatives?
I could keep using a personal access token, or search for other alternatives such as having part of my application running on a server.
Good suggestion. This will take some changes on Firefly III's side; support for this has been added to Passport only after I started using it. I'll see what I can do.
Additional context
Bonus points
Recommendations for OAuth2 for browser based apps: https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-06
Laravel Passport documentation: https://laravel.com/docs/7.x/passport#creating-a-auth-pkce-grant-client (I can't find if PKCE is mandatory for public clients)
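The public-client flow requested in this issue, as an added example that is not part of the original thread and is not Firefly III or Passport code: the client half builds an authorization request with a PKCE challenge and no secret, and the server half sketches what "force them to use PKCE" would mean as a policy check. Assumptions: all function names, the host names and the client id are hypothetical, `/oauth/authorize` is taken to be Passport's default authorization route, and Node's `crypto` module stands in for the browser's Web Crypto API so the code runs offline.

```javascript
// Added example: PKCE (RFC 7636) for a public OAuth2 client, i.e. one with no secret.
// Host names, the client id and all function names below are hypothetical.
const nodeCrypto = require('crypto');

const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// 32 random bytes encode to a 43-character verifier, the RFC 7636 minimum length.
function newVerifier() {
  return b64url(nodeCrypto.randomBytes(32));
}

// S256 transform: BASE64URL(SHA-256(ASCII(code_verifier))).
function s256Challenge(verifier) {
  return b64url(nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Client side: the authorization request carries a challenge and no client_secret.
function buildAuthorizeUrl(base, clientId, redirectUri, verifier, state) {
  const url = new URL('/oauth/authorize', base);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
    code_challenge: s256Challenge(verifier),
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Server-side policy sketch: a client without a secret must use PKCE with S256.
function checkAuthorizeRequest(client, params) {
  if (client.secret) return { ok: true }; // confidential client, authenticated by secret
  if (!params.code_challenge) return { ok: false, error: 'code_challenge required' };
  if (params.code_challenge_method !== 'S256') return { ok: false, error: 'S256 required' };
  return { ok: true };
}

// Token endpoint: the verifier must hash to the challenge stored with the code.
function checkTokenRequest(storedChallenge, verifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier || '')) return false;
  const a = Buffer.from(s256Challenge(verifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}
```

The verifier stays in the SPA (for example in `sessionStorage`) until the redirect returns, and is sent only in the token request, so an intercepted authorization code cannot be redeemed without it.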