-
Notifications
You must be signed in to change notification settings - Fork 822
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[5.x] Support Laravel Passport #1521
base: 5.x
Are you sure you want to change the base?
Conversation
Thanks for submitting a PR! Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface. Pull requests that are abandoned in draft may be closed due to inactivity. |
<!-- Confidential --> | ||
<div class="col-span-6 sm:col-span-4"> | ||
<label for="confidential" class="flex items-center"> | ||
<Checkbox id="confidential" v-model:checked="createOAuthAppForm.confidential" /> | ||
<span class="ms-2 text-sm text-gray-600 dark:text-gray-400">Confidential</span> | ||
</label> | ||
<InputError :message="createOAuthAppForm.errors.confidential" class="mt-2" /> | ||
</div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would love a small explanation beneath the Checkbox Label, which explains what Confidential is needed for. Similar to https://tailwindui.com/components/application-ui/forms/checkboxes#component-f03fb959d6ba814eb987d39ae40961f0
Or simply radio buttons for selecting public or confidential with a corresponding explanation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would keep it simple for now, with a radio button selection of one of the two options.
I would align with https://oauth.net/2/client-types/
Confidential clients are applications that are able to securely authenticate with the authorization server, for example being able to keep their registered client secret safe.
Public clients are unable to use registered client secrets, such as applications running in a browser or on a mobile device.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Confidential Client
Application that is able to securely authenticate with this application, without revealing the secret to an end-user.
Public Client
Unable to use registered clients secrets, such as applications running in a browser or on a mobile device.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'll add this explanation for now. But Jetstream doesn't have pre-built radio button component.
Just keeping things simple for now but we may also need a way to enable device flow for laravel/passport#1750
Github example: https://github.com/settings/apps/new
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, there can be other options too.
You could use the same as the teams permissions options:
https://jetstream.laravel.com/features/teams.html
Hey this is a great idea! I have maintained a package since the start of Jetstream which adds Passport support to Jetstream. It's possible you may find some of the code useful to your PR. Feel free to use what you need. First party support would be nice. https://github.com/headerx/laravel-jetstream-passport |
Thank you, @inmanturbo! I appreciate the feedback and the offer to use your package as a reference. If you have any suggestions or insights from your experience maintaining that package, I'd love to hear them. This PR is still a work in progress, and I plan to add tests and implement the new device flow as soon as the required PRs on Passport merged. |
stubs/inertia/resources/js/Pages/OAuth/Partials/OAuthAppManager.vue
Outdated
Show resolved
Hide resolved
@hafezdivandari First of all: amazing work! While clicking on the 'Authorize' button I encounter cors problems: Edit: When I manually visit the callback link I see a preflight request with OPTIONS set (including the allowed origin header) in my network tab. |
@vincentleijen You may check laravel/passport#213 (comment) and inertiajs/inertia-laravel#323 (comment) and inertiajs/inertia-laravel#303. The CORS issue seems to be totally unrelated to this PR. |
@hafezdivandari |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found a thingy
autofocus | ||
autocomplete="off" | ||
/> | ||
<InputError :message="createOAuthAppForm.errors.name" class="mt-2" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Errors are wrapped into createClient
<InputError :message="createOAuthAppForm.errors?.createClient?.name" class="mt-2"/>
class="mt-1 block w-full" | ||
autocomplete="off" | ||
/> | ||
<InputError :message="createOAuthAppForm.errors.redirect_uris" class="mt-2" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same goes for this line:
<InputError :message="createOAuthAppForm.errors?.createClient?.redirect_uris" class="mt-2"/>
<Checkbox id="confidential" v-model:checked="createOAuthAppForm.confidential" /> | ||
<span class="ms-2 text-sm text-gray-600 dark:text-gray-400">Confidential</span> | ||
</label> | ||
<InputError :message="createOAuthAppForm.errors.confidential" class="mt-2" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And this one:
<InputError :message="createOAuthAppForm.errors?.createClient?.confidential" class="mt-2"/>
Todo
Features
jetstream:install --api --oauth
OAuth Apps
API Tokens
Authorize View