New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a Laravel Passport Provider #157

Merged
merged 6 commits into from Apr 28, 2018

Conversation

Projects
None yet
4 participants
@jmschneider
Contributor

jmschneider commented Apr 26, 2018

This would add a "passport" provider for easy integration with Laravel Passport.

@jmschneider

This comment has been minimized.

Contributor

jmschneider commented Apr 26, 2018

I ended up copying most of the addAuthorize function from lib/providers/_utils.js. I was a little confused that the oauth2.js _handleCallback method uses form encoding but the _utils.js serverMiddleware handler uses the json parser.

@syffs

This comment has been minimized.

Contributor

syffs commented Apr 26, 2018

naming this passport might be confusing, laravel passport is not the only passport library related to authentication...

@jmschneider

This comment has been minimized.

Contributor

jmschneider commented Apr 27, 2018

That is a good point. I would hesitate to call it laravel since it isn't the built in Laravel auth but a separate composer package called laravel/passport. Maybe something like laravel.passport, laravel_passport or laravelPassport? I'm not sure what the appropriate naming scheme would be or if laravel.passport would work.

@pi0

This comment has been minimized.

Member

pi0 commented Apr 27, 2018

I vote for laravel.password also maybe adding some helper functions for making Form requests would be better idea as we can reuse it for other providers.

@@ -99,6 +99,7 @@ export default class Oauth2Scheme {
const data = await this.$auth.request({
method: 'post',
url: this.options.access_token_endpoint,
baseURL: false,

This comment has been minimized.

@pi0

pi0 Apr 27, 2018

Member

This may introduce breaking changes! Why we need to disable axios baseURL?

This comment has been minimized.

@jmschneider

jmschneider Apr 27, 2018

Contributor

So currently, if you add a baseURL to the main axios module config it will prepend it to all request to relative paths. If you provide a full URL, this is ignored.

For hitting external sites like Google or Facebook, the baseURL is ignored because they would use a full URL. However, with the addAuthorize method, we add a serverMiddleware that will append the client secret and proxy the authentication request. If there is a baseURL set in the axios module config, this request will go to that URL instead of the nuxt.js server. Setting baseURL: false just tells axios to ignore the default baseURL and send it relative to the current page.

Basically, if we are serving our site from example.com and axios has baseURL: 'api.example.com' set, the auth request would go to something like api.example.com/_auth/oauth/passport/authorize which may or may not exist. If we set the baseURL to false, the auth request would go to example.com/_auth/oauth/passport/authorize where the Nuxt server would handle it with the serverMiddleware.

This comment has been minimized.

@pi0

pi0 Apr 28, 2018

Member

Thanks for detailed explanation. Seems reasonable.

@breakingrobot

This comment has been minimized.

Member

breakingrobot commented Apr 27, 2018

@pi0 I beg to differ about adding a Laravel Passport provider into the core of the module.

IMHO - we should only maintain and integrate well-known authentication providers. I feel like that solutions like Laravel Passport are meant to be extensible and have many edge cases even if it is built upon OAuth.

This will introduce some complexity in our maintenance process for multiples reasons (Laravel Passport updates, users using customized responses, there multiples ways to interact with authentication through JavaScript using Laravel Passport and it is going to lead to issues asking us on how to integrate it further). I won't be surprised if Laravel Passport implement new authentication flows in the future.

@jmschneider

This comment has been minimized.

Contributor

jmschneider commented Apr 27, 2018

@breakingrobot Laravel Passport is built on league/oauth2-server which should be OAuth 2.0 spec compliant. The more I think about it, it might be better to update the oauth2 scheme (and maybe the local scheme?) to automatically use addAuthorize to proxy request if there is a client_secret in the config. That would potentially just make Laravel Passport work out of the box with the oauth2 scheme without the need for a custom provider.

@pi0

pi0 approved these changes Apr 28, 2018

@pi0

This comment has been minimized.

Member

pi0 commented Apr 28, 2018

@breakingrobot I agree about complexity level of maintenance when adding more and more providers. But laravel-passport is a well-known one and if they (at least try to) implement oauth2 spec. that decreases chances of breaking changes.

@pi0

This comment has been minimized.

Member

pi0 commented Apr 28, 2018

@jmschneider Thanks for your contribution on laravel integration. However we can do more refactors, I will merge it to see the users feedback. BTW more docs and maybe pointing to a starter template would be more than awesome. We can transfer starter template to nuxt-community too if you wish :)

@pi0 pi0 merged commit 9b09459 into nuxt-community:dev Apr 28, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment