Most secure way to pass Laravel passport access_token from Laravel blade to React component
I'm building a chat application with ReactJS and Laravel, and we are using Laravel Echo.
The API needs an access_token to be authenticated, so we need to pass the access_token in the component.
How can I do it securely?
reactjs laravel security laravel-echo
asked 11 hours ago
frenchqwerty
2 Answers
The backend should have all API keys. Assume that anything sent to the frontend can and will be copied to use elsewhere.
I strongly suggest that you use JWT (JSON Web Tokens) to handle authentication and make all such API calls on the backend on behalf of the authenticated user. Ideally checking if the user has permissions to do so.
answered 11 hours ago
Sergio Moura
The access_token can be generated by Laravel Passport (LP). Since LP is just an integration into The PHP League's OAuth 2, JSON Web Tokens (JWT) are issued by default. These tokens are pretty safe to be stored on the client side.
If you check the documentation, you will be able to generate tokens for users without going through the normal OAuth 2 flow.
Using the browser's LocalStorage, you can then store this token for future use.
answered 8 hours ago
Caleb Lucas
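Added example, not part of either answer above: a JWT is signed but not encrypted, so whoever holds the access_token can read its claims. This sketch decodes the claims, refuses an expired token, and builds the `auth.headers` option that Laravel Echo sends with its channel-authorization request. The sample token, its claim values and the function names are constructed for illustration.

```javascript
// Added example (not from the original post). Runs in Node 16+ or a browser.

// Decode the claims of a JWT without verifying the signature. This only
// reads the payload; trust decisions belong to the server, which verifies it.
function decodeJwtClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(atob(padded));
}

// True when the token has expired or will expire within skewSeconds.
function isExpired(claims, nowMs, skewSeconds = 30) {
  if (typeof claims.exp !== 'number') return true; // no exp: treat as unusable
  return claims.exp - skewSeconds <= Math.floor(nowMs / 1000);
}

// Build the options fragment to merge into `new Echo({...})`.
// Returns null when the caller must obtain a fresh token first.
function echoAuthOptions(token, nowMs = Date.now()) {
  const claims = decodeJwtClaims(token);
  if (isExpired(claims, nowMs)) return null;
  return { auth: { headers: { Authorization: 'Bearer ' + token } } };
}

// Constructed sample token: the signature part is a placeholder, not a real one.
function b64url(obj) {
  return btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ sub: '42', scopes: ['chat'], exp: 1700000000 }),
  'constructed-signature',
].join('.');

// Anything placed in the payload is visible to the browser:
console.log(decodeJwtClaims(SAMPLE_TOKEN));
```
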