1
votes

Just as a preface, I am in the process of learning Laravel, Javascript and OAuth.

What I was going for was for a user to be able to log in, get a Authorization Key, save the Key (along with expire date) in the session area and then use this key as "guard" for routes (that return views).

After following the instructions here (it uses Laravel passport and OAuth):

https://www.youtube.com/watch?v=D7gUz3RcTm8&t=18s https://mattstauffer.co/blog/introducing-laravel-passport

https://scotch.io/@neo/getting-started-with-laravel-passport

I pretty much wound up with a Javascript client that would first request authentication. After getting it, my understanding was that the server returned info (approved KEY and expiration) that could indeed be stored in a session. Unfortunately, I did not see how this could be used to protect routes.

Am I missing something? Am I using the wrong tool for what I am trying to accomplish?

When one does, "php artisan route:list", the following is returned below:

| Domain | Method   | URI                                     | Name | Action                                                                     | Middleware   |
+--------+----------+-----------------------------------------+------+----------------------------------------------------------------------------+--------------+
|        | GET|HEAD | /                                       |      | Closure                                                                    | web          |
|        | GET|HEAD | api/user                                |      | Closure                                                                    | api,auth:ap

|        | DELETE   | oauth/personal-access-tokens/{token_id} |      | \Laravel\Passport\Http\Controllers\PersonalAccessTokenController@destroy   | web,auth     |
|        | GET|HEAD | oauth/scopes                            |      | \Laravel\Passport\Http\Controllers\ScopeController@all                     | web,auth     |
|        | POST     | oauth/token                             |      | \Laravel\Passport\Http\Controllers\AccessTokenController@issueToken        | throttle     |
|        | POST     | oauth/token/refresh                     |      | \Laravel\Passport\Http\Controllers\TransientTokenController@refresh        | web,auth 

|

What is the difference between "api" routes and "web" routes? What is throttle? Do API routes just return JSON?

TIA

1

1 Answers

0
votes

What is the difference between "api" routes and "web" routes?

The web and api middleware are group middle, you can find their definition in http\kernel. The web will enable some aspect of the web application like Cookie, Session, or the CSRF token. While the api only check for throttle and binding model for controller.

What is throttle?

The throttle middleware use for limit how many times for calling a route.

API routes just return JSON?

It is up to you. You can return what you want.