I am trying to wrap my head around OAuth2 so I actually know what I am doing; however, not everything is clear.
I know that in OAuth2 we have various flows available. Quite popular ones are (I think):
- Authorization Code Grant
- Implicit Grant
- Password Grant
In my SPA I used https://auth.nuxtjs.org/ for handling user authorization. On the backend, there is Laravel Passport. This auth module offers us built-in support for OAuth as well as for some extra abstraction layers on top of it - like Laravel Passport. I understand that these providers are sort of extensions of schemes, pre-configured for particular services.
I am not sure what the difference is between the local scheme (https://auth.nuxtjs.org/schemes/local), which looks like this:
```js
local: {
  token: {
    property: 'access_token',
    type: 'Bearer'
  },
  user: {
    property: 'user',
  },
  endpoints: {
    login: {url: '/login', method: 'post'},
    logout: {url: '/logout', method: 'post'},
    user: {url: '/user', method: 'get'}
  }
}
```
And the Laravel Passport provider (https://auth.nuxtjs.org/providers/laravel-passport), which works like this (this one I can't get to work):
```js
'laravelPassport': {
  provider: 'laravel/passport',
  endpoints: {
    userInfo: {url: '/user', method: 'get'}
  },
  url: 'http://publisher-local.co.uk:8080/api/v1',
  clientId: '*',
  clientSecret: '****'
}
```
Are they not the same thing? I mean Passport is just an OAuth thing and I am sending credentials there, so I assume it is a Password Grant Flow in my first example?
If, in the Passport provider, which is based on the OAuth scheme, I had grantType: client_credentials, would it be considered a Password Grant Flow as well?
It gets even more confusing because when I try to use Passport Provider the redirects work a bit differently.
I am not sure what to choose and how to understand the whole process.
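
For reference, an added example (not part of the original post and not code from nuxt-auth or Laravel Passport) showing what the grants named in the question send to the server under RFC 6749, and which secrets end up in the browser if an SPA sends the request itself. The host, client id and redirect URI are constructed, and the `/oauth/authorize` and `/oauth/token` paths are assumptions.

```javascript
// Added example: request shapes per RFC 6749. All values are constructed.
const ISSUER = 'https://auth.example.test';        // hypothetical authorization server
const CLIENT = { id: 'spa-client', redirectUri: 'https://app.example.test/callback' };

// Fields each grant type requires in the POST body to the token endpoint.
const REQUIRED = {
  password: ['username', 'password'],              // user's credentials pass through the client
  client_credentials: ['client_secret'],           // no user involved at all
  authorization_code: ['code', 'redirect_uri'],    // code obtained via a browser redirect
};
const SECRETS = ['password', 'client_secret'];

// Build the form body for POST {ISSUER}/oauth/token (path assumed).
function tokenRequest(grantType, params) {
  const required = REQUIRED[grantType];
  if (!required) throw new Error(`unsupported grant_type: ${grantType}`);
  const missing = required.filter((k) => !params[k]);
  if (missing.length) throw new Error(`${grantType} needs: ${missing.join(', ')}`);
  return new URLSearchParams({ grant_type: grantType, client_id: CLIENT.id, ...params });
}

// Secrets the browser would hold if the SPA itself sent this request.
function secretsInBrowser(body) {
  return SECRETS.filter((k) => body.has(k));
}

// Authorization code grant, step 1: redirect the browser to the server.
function authorizeUrl(state) {
  const url = new URL('/oauth/authorize', ISSUER);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT.id,
    redirect_uri: CLIENT.redirectUri, state,
  }).toString();
  return url.toString();
}

// Step 2: the server redirects back; accept the code only if state matches.
function codeFromCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get('error')) throw new Error(`authorization failed: ${q.get('error')}`);
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  const code = q.get('code');
  if (!code) throw new Error('no code in callback');
  return code;
}
```

A public client such as an SPA would add PKCE's `code_verifier` to the `authorization_code` token request in place of a client secret.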