Passport - replacement for user authentication?

Posted 3 years ago by miso

Hi, is it a good idea to use Passport just for user authentication? I have my own (first-class) client JavaScript application, so I can create a new OAuth Password Grant Client. The docs say:

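// Guzzle HTTP client used to send the token request
$http = new GuzzleHttp\Client;

// Password grant: exchange the user's credentials for an access token
$response = $http->post('http://your-app.com/oauth/token', [
    'form_params' => [
        'grant_type' => 'password',
        'client_id' => 'client-id',
        'client_secret' => 'client-secret',
        'username' => '[email protected]',
        'password' => 'my-password',
        'scope' => '',
    ],
]);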

But how and where do I hide the client_secret? It is a JavaScript app and anyone can see its source code; after that, they can simulate my app/first-class client.

The second question is: how can Password Grant Tokens work with multiple devices/browsers? Can a user be authenticated in multiple browsers? Thank you.
