I am building a GraphQL API with Laravel and the Lighthouse PHP package for an SPA website.
I just wanted a very basic user authentication: log in with your email and password and verify your authentication with an access token. Passport seemed to be the way to go a few months ago when I was setting up my project. It works decently!
But the setup is very fragile and to this day I never understood how Passport works and why it has to work like it does.
Let me explain. Sometimes I would reset my database. To re-enable Passport I would have to do the following steps:
Run php artisan passport:install.
This will create 5... extra database tables, just so I can log in with the users recorded in my users table.
It will also create two records in the oauth_clients table: a Personal Access Client and a Password Grant Client. The latter seems to be of special interest, and I would have to take the id (usually "2") and the value of the column "secret" and update my env variables with them.
This could look like:
PASSPORT_CLIENT_ID=2
PASSPORT_CLIENT_SECRET=0n6JZkpix6NxOc21cWwo90kiLT31DZtpppka2tAC
Because these are read by Lighthouse to somehow get my authentication working (https://github.com/joselfonseca/lighthouse-graphql-passport-auth).
This is a huuuuuuge overhead, and for the last months I would just endure it, because it worked so well. Now I am setting up a CI with end-to-end tests and it is getting really ridiculous, because now I would have to tell the CI: "Yeah, run that command, then run that SQL query to obtain the secret, then somehow make it an env variable, and then don't forget to clear caches."
...to the point where I really have to ask questions. Over the months I have been trying to understand Passport, but I was not able to. If someone could explain it or explain my confusion in their own words, I am sure this would help me a lot.
Thank you.
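The re-seeding procedure described in the post (install Passport, create a password grant client, copy its id and secret into env variables, clear caches) can be scripted rather than done by hand and SQL query. The script below is an added example and is not from the original post, Passport or Lighthouse. It assumes that `php artisan passport:client --password --name=...` prints lines of the form `Client ID: <id>` and `Client secret: <secret>` with no ANSI colour codes (true when artisan is not attached to a TTY, as in CI) and that `--provider` is accepted by the installed Passport version; the sample artisan output is constructed for the offline check, and the secret in it is fake.

```shell
#!/usr/bin/env sh
# Added example (not part of the original post): automate the Passport
# re-seeding steps for CI instead of copying the secret out of the database.
#
# Assumptions (check against your installed Passport version):
#   - `passport:client --password --name=<name> --provider=users` exists and
#     prints "Client ID: <id>" and "Client secret: <secret>" lines;
#   - artisan is not attached to a TTY, so no colour escape codes appear.

# Parse the id and secret out of captured artisan output.
# Prints "<id> <secret>" on success, returns 1 if either line is missing.
extract_passport_client() {
    out="$1"
    id=$(printf '%s\n' "$out" | sed -n 's/^Client ID:[[:space:]]*\(.*\)$/\1/p' | head -n1)
    secret=$(printf '%s\n' "$out" | sed -n 's/^Client secret:[[:space:]]*\(.*\)$/\1/p' | head -n1)
    [ -n "$id" ] && [ -n "$secret" ] || return 1
    printf '%s %s\n' "$id" "$secret"
}

# Write (or replace) PASSPORT_CLIENT_ID / PASSPORT_CLIENT_SECRET in an env
# file, leaving every other line untouched. This file holds a credential:
# keep it out of version control and out of build logs.
write_passport_env() {
    envfile="$1"; id="$2"; secret="$3"
    touch "$envfile"
    grep -v -e '^PASSPORT_CLIENT_ID=' -e '^PASSPORT_CLIENT_SECRET=' "$envfile" > "$envfile.tmp" || true
    printf 'PASSPORT_CLIENT_ID=%s\nPASSPORT_CLIENT_SECRET=%s\n' "$id" "$secret" >> "$envfile.tmp"
    mv "$envfile.tmp" "$envfile"
}

# The whole CI step, in the order the post describes.
ci_setup_passport() {
    php artisan migrate --force --no-interaction
    php artisan passport:install --no-interaction            # keys + default clients
    # Create a dedicated password grant client instead of assuming id "2".
    out=$(php artisan passport:client --password --name="ci-spa" --provider=users --no-interaction)
    set -- $(extract_passport_client "$out")                 # $1 = id, $2 = secret
    write_passport_env .env "$1" "$2"
    php artisan config:clear                                 # "don't forget to clear caches"
}

# Constructed sample of the artisan output, used for the offline check below
# (the secret is made up).
SAMPLE_OUTPUT='Password grant client created successfully.
Client ID: 2
Client secret: cOnStRuCtEdFaKeSeCrEt0123456789abcdefghij'
```

Because the client is created fresh on every CI run, the secret is disposable and never needs to leave the runner; the only thing worth protecting is that the generated `.env` is not echoed into the job log or committed.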