How to correctly implement authentication in OAuth without disclosing the user id?
Good day, point me in the right direction please.
When authenticating in Laravel OAuth, you need to pass:
{
"grant_type":"password",
"client_id":"1",
"client_secret":"secret",
"username":"username",
"password":"111111"
}
client_id and client_secret, as I recall, are the data of the key itself for your application. In your case, the user ID is not passed in any way.
In this way, you in theory do not transfer this data to the user. This data array must be embedded in the program, and the user only has to enter the login and password from his account.
Yes, sending client_secret to the client is complete nonsense. But no one asks you about it, actually. I didn't work with Passport, but after re-reading the entire doc, I still couldn't find the place where the client_secret (not _id) would be passed to the client. The only thing I saw there was requests to my own server with this parameter, and in all other places where the user is redirected, I see only client_id.
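The arrangement the last answer describes, where client_secret appears only in requests made by your own server, shown as an added example that is not part of the original thread or of Passport's own code. The function name `buildTokenRequest` and the `$serverConfig` array are hypothetical, and the credential values are constructed placeholders taken from the question.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): build the password-grant body on the
 * server. Only username and password are accepted from the client; the OAuth
 * client credentials come from server-side configuration and never leave it.
 */
function buildTokenRequest(array $clientInput, array $serverConfig): array
{
    // Reject attempts by the client to choose the OAuth client or grant type.
    foreach (['client_id', 'client_secret', 'grant_type'] as $forbidden) {
        if (array_key_exists($forbidden, $clientInput)) {
            throw new InvalidArgumentException("Field not accepted from client: $forbidden");
        }
    }

    // The user supplies nothing except the login and password of the account.
    foreach (['username', 'password'] as $required) {
        $value = $clientInput[$required] ?? null;
        if (!is_string($value) || $value === '') {
            throw new InvalidArgumentException("Missing field: $required");
        }
    }

    return [
        'grant_type'    => 'password',
        'client_id'     => $serverConfig['client_id'],
        'client_secret' => $serverConfig['client_secret'],
        'username'      => $clientInput['username'],
        'password'      => $clientInput['password'],
    ];
}

// Constructed sample: what the browser or mobile app sends to your backend.
$fromClient = ['username' => 'username', 'password' => '111111'];

// Constructed placeholders; a real deployment loads these from server-side
// configuration (environment or a secrets store), not from source code.
$serverConfig = ['client_id' => '1', 'client_secret' => 'secret'];

// The backend sends this body to its own /oauth/token endpoint and relays
// only the resulting tokens back to the client.
$body = buildTokenRequest($fromClient, $serverConfig);
echo json_encode($body, JSON_PRETTY_PRINT), PHP_EOL;
```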