Just as a preface, I am in the process of learning Laravel, JavaScript and OAuth.
What I was going for was for a user to be able to log in, get an Authorization Key, save the Key (along with its expiration date) in the session area and then use this key as a "guard" for routes (that return views).
After following the instructions here (it uses Laravel passport and OAuth):
https://www.youtube.com/watch?v=D7gUz3RcTm8&t=18s
https://mattstauffer.co/blog/introducing-laravel-passport
https://scotch.io/@neo/getting-started-with-laravel-passport
I pretty much wound up with a JavaScript client that would first request authentication. After getting it, my understanding was that the server returned info (approved KEY and expiration) that could indeed be stored in a session. Unfortunately, I did not see how this could be used to protect routes.
Am I missing something? Am I using the wrong tool for what I am trying to accomplish?
When one runs "php artisan route:list", the following is returned:
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+-----------------------------------------+------+----------------------------------------------------------------------------+--------------+
| | GET|HEAD | / | | Closure | web |
| | GET|HEAD | api/user | | Closure | api,auth:ap
| | DELETE | oauth/personal-access-tokens/{token_id} | | \Laravel\Passport\Http\Controllers\PersonalAccessTokenController@destroy | web,auth |
| | GET|HEAD | oauth/scopes | | \Laravel\Passport\Http\Controllers\ScopeController@all | web,auth |
| | POST | oauth/token | | \Laravel\Passport\Http\Controllers\AccessTokenController@issueToken | throttle |
| | POST | oauth/token/refresh | | \Laravel\Passport\Http\Controllers\TransientTokenController@refresh | web,auth |
What is the difference between "api" routes and "web" routes? What is throttle? Do API routes just return JSON?
TIA