This repository was archived by the owner on Apr 4, 2025. It is now read-only.

Description
Analysis
There are different grant types available to authorise users to the REST API. Which one should we use for the authorisation flow of the Repair Tool?
Acceptance criteria
- Best security practices should be followed.
- Authorisation method should be similar to how users can sign in/up for the web application.
Resources
Advice
The grant type that we will use to authorise users from the Repair Tool will be Authorization Code Grant with PKCE. The legacy alternative would be Password Grant, but this is not recommended anymore. See https://oauth2.thephpleague.com/authorization-server/which-grant/.
This flow is considered best practice when using Single Page Apps (SPA) or Mobile Apps.
From Onelog.com
Design
Realisation
Tasks