Laravel Passport and Chrome Extensions

Posted 1 week ago by meeshal

What will be the perfect way to make auth:api requests from a Chrome extension to a Laravel Passport API?

Conditions:

  1. Chrome extension users should not have to go through the OAuth process of redirection.
  2. Once a user is logged in they should be logged in until they log out, I mean even if they close the browser they should be logged in.
  3. Issued tokens cannot be used with other devices

What I am currently doing:

  1. On register/login I am creating a password access client and issuing a token and a refresh token, valid for a year.
  2. Storing these tokens in local storage of that device (chrome.storage.local)
  3. Using these tokens to know if the user is valid or not, logged in or not.

Of course this is not a good idea because anyone can register, which will generate a token and this can be used to access allowed resources (I am using Laratrust for ACL), from any device or bot to exploit my API.

My platform/server: Laravel 6, Passport 9, Laratrust 5

I have multiple clients for the API: a mobile app, my own website (using the CreateFreshApiToken middleware), and other 3rd party clients (using OAuth). I need to add this new Chrome extension to have access to the API.

Any help will be great, Thanks
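
The token handling described in the post (Passport tokens kept in chrome.storage.local), shown from the extension side as an added example that is not part of the original post or the poster's code. `API_BASE`, the `client` object and the `session` storage key are assumptions; the `/oauth/token` refresh grant and the response fields are Passport's.

```javascript
// Added example. API_BASE and the client values are placeholders, not from the post.
const API_BASE = "https://api.example.test";
const SKEW_MS = 60 * 1000; // refresh one minute before expiry

// Turn a Passport token response into the record kept in chrome.storage.local.
function toSession(tokenResponse, nowMs) {
  const { access_token, refresh_token, expires_in } = tokenResponse;
  if (!access_token || !refresh_token || !Number.isFinite(expires_in)) {
    throw new Error("unexpected token response");
  }
  return { access_token, refresh_token, expires_at: nowMs + expires_in * 1000 };
}

// "none" = not logged in, "ok" = token usable, "refresh" = refresh it first.
function sessionState(session, nowMs) {
  if (!session || !session.access_token) return "none";
  return nowMs < session.expires_at - SKEW_MS ? "ok" : "refresh";
}

// Form body for POST /oauth/token with the refresh_token grant.
function refreshBody(session, client) {
  return new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: session.refresh_token,
    client_id: client.id,
    client_secret: client.secret, // readable by anyone who installs the extension
    scope: "",
  }).toString();
}

// Returns the Authorization header value, or null when the user must log in.
// `storage` follows the promise form of chrome.storage.local (get/set/remove).
async function authHeader(storage, client, fetchFn = fetch, nowMs = Date.now()) {
  let { session } = await storage.get("session");
  const state = sessionState(session, nowMs);
  if (state === "none") return null;
  if (state === "refresh") {
    const res = await fetchFn(`${API_BASE}/oauth/token`, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded", Accept: "application/json" },
      body: refreshBody(session, client),
    });
    if (!res.ok) { // refresh token revoked or expired: drop the stale session
      await storage.remove("session");
      return null;
    }
    // Passport rotates the refresh token, so the new pair must replace the old one.
    session = toSession(await res.json(), nowMs);
    await storage.set({ session });
  }
  return `Bearer ${session.access_token}`;
}
```

The stored record is a plain bearer credential: nothing in it ties the token to the browser profile that received it.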
