Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Roman2019-09-09 22:34:36
JSON Web Token
Roman, 2019-09-09 22:34:36

What exactly happens when authenticating through Socialite / JWTAuth and generally through the API in the context of Vue.js (confused about these tokens)?

I found an example of implementing authentication through Laravel/Socialite + Nuxt social networks:
https://github.com/fritsvt/laravel-nuxt-authentication
and there is also a video for it: https://www.youtube.com/playlist?list=PLeZmuYT0mSP ...
It seems to be what I need, but somehow it's too fancy .. For some reason, he also uses https://github.com/tymondesigns/jwt-auth , although social networks are also used when answering in the callback-url they return some token of their own, and then this jwt-auth also gives its own token ... in general, I'm frankly confused
Is it possible to do without JWTAuth somehow?
What generally scheme of authentication/authorization in this case?
Here, for example, GitHub returns me a token along with user data:

token: "0ea876a4b6233744de2da0bd20f5d0c9a06d4790"
refreshToken: null
expiresIn: null

Why is he giving it to me? what to do with him? and why then do we also need JWTAuth with our own token, if we already have a token?
Explain who understands this please.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alex Wells, 2019-09-09
@procode

The token returned by social networks / github is their authorization token. Login/password analogue, only with limited rights.
With this token, you can knock on the apishki of these social networks on behalf of the user from whom you authorized. I.e. I went to some site through Facebook - that's it, this site can perform some set of actions on your behalf.
JWT can be used for the same implementation of a similar token system, only for users of your application. I.e. someone sent the correct login-password to your apish, you gave the token. With this token, they can knock on your api and perform some actions in the same way.
In general, these are two different tokens, not related to each other. By itself, jwt has nothing to do with it. You can do without it, but it's better to use laravel-passport and don't sweat it.

Similar questions
G
Gagydzer2019-08-21 11:51:27
How to implement tab-safe read/write to localStorage? 2Reply
D
dsvsdv2017-04-08 06:50:07
How to send a token from the client side without frameworks? What is the rationale for the presence of passport in the project? 0Reply
E
Eugenue Cesarevich2021-03-26 21:39:41
How to implement "Remember me" feature with JWT? 1Reply
A
Alexander2019-12-05 14:31:19
Secure user authentication without sessions? 4Reply
H
heducose2017-07-21 20:29:46
How to validate against a specific payload value in express-jwt? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question