Home > Blockchain >  laravel passport auth code - asking to grant permissions, is it nessecarry?
laravel passport auth code - asking to grant permissions, is it nessecarry?

Time:03-16

I am looking for some clarification as for how exactly to proceed with Oauth auth code PKCE grant when it comes to authorizing my own SPA.

So I get this when I am redirected from my SPA to backend (after I log in of course):

enter image description here

Now I get this, makes sense if I want to login into my app with google or twitter for example.

But If I want to log in to the backend app to get the token with my SPA - is there a way to avoid that every time a user logs in? Does it make sense?

I would like to have it from user perspective like this:

  • click login
  • redirect to backend pretending to be SPA (visually)
  • login
  • go straight back to SPA without having to confirm that stuff

I just mainly want to understand the process for SPA. I assume and suspect that what I want is simply not possible?

CodePudding user response:

Yes you can :)

Create your own Passport client.

<?php

declare(strict_types=1);

namespace App\Models;

class PassportClient extends \Laravel\Passport\Client
{
    /**
     * Determine if the client should skip the authorization prompt.
     *
     * @return bool
     */
    public function skipsAuthorization()
    {
        // todo: add some checks, e.g. $this->name === 'spa-client'
        return true;
    }
}

And update your App\Providers\AuthServiceProvider.

public function boot()
{
    // ...

    Passport::useClientModel(PassportClient::class);
}
  • Related