如何处理Passport中的密码授予令牌的client_id和client_secret [英] How to handle client_id and client_secret for Password Grant Tokens in Passport

问题描述

我试图弄清楚如何处理Passport软件包中的密码授予令牌.我应该在请求令牌的同时将client_id和client_secret存储在.env文件中还是直接从数据库中获取值?

I am trying to figure out how to handle the Password Grant Tokens in Passport package. Should i store the client_id and client_secret in .env file or fetch the values direct from the database while requesting for a the token?

推荐答案

这取决于您最终要实现的目标.

It depends on what you are finally trying to achieve.

护照令牌始终存储在 DB 中，这是检索令牌的正确位置(除非您正在优化生产应用程序，以减少数据库负载).

Passport tokens are always stored in DB, and this is the right place to retrieve them (unless you are optimizing your production app, to gain less db load).

因此，如果要构建 api 端点，可以将 PASSPORT_CLIENT_ID 安全地存储在.env中.

So, if you want to build an api endpoint, you can safely store PASSPORT_CLIENT_ID in your .env.

然后，在您的控制器中，您可以轻松地检索您可能需要的所有数据.

And then, in your controller, you can easily retrieve all data that you may need.

该怎么做?请阅读我的帖子，了解如何将其嵌入到您的 laravel 控制器.

How to do it? Please read my post, on how you can embed this in your laravel controller.

护照是建立在 oauth2服务器之上的，具有许多功能

Passport is built on top of oauth2 server which has loads of features.

很可能您并不需要全部，因此在这种情况下，您可以遵循基本的 jwt授权.

Most likely you won't need them all, so you can stick to the basic jwt authorization as in this case.

这种方法将使您能够在不同的 CI 环境中测试代码，而无需在 VCS 中共享任何特定的密钥/令牌，这绝对是一个好习惯.

This approach would enable you to test your code against different CI environments, while not sharing any specific keys/tokens in your VCS, which is definitely a good practice.

最后的说明... 护照使像dingo，tymon jwt等之类的程序无用，因为它几乎囊括了所有东西，而真正重要的是，这是正式的Laravel包.

Final note... Passport makes packages like dingo, tymon jwt, etc.. useless, cause it has almost everything packed in, and what really important is, this is the official Laravel package.

这篇关于如何处理Passport中的密码授予令牌的client_id和client_secret的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！