How does Passport's "Consuming Your API With JavaScript" work?

Posted 3 months ago by cristimocean

I was following the official docs, trying to learn how to use Passport, and I hit a wall at this section: The problem is that this feature simply allows me access to EVERYTHING. It ignores scopes and the logged-in member. Is that how it is supposed to work?

For example:

Route::get('articles/{article}', '[email protected]')->middleware(['auth:api', 'scopes:chewarticlepaper']);

The "chewarticlepaper" scope does not exist, but I can still access the article from JavaScript. And I can even access the articles from members who don't even have an access token. The only thing the CreateFreshApiToken middleware seems to achieve is to keep away guests. Is this all it does, or am I missing something?

Any good tutorial on using this particular feature (CreateFreshApiToken / laravel_token)?


