I am trying to implement Laravel Passport in order to allow 3rd party applications to connect to our API.
The ideal workflow is this:
- Users log in to their CMS and create an API Key.
- Once created, they can connect a 3rd party app to the CMS e.g. mobile app, e-commerce, lead generation forms, etc.
- No OAuth dialog should be displayed - once an API Key has been generated it should be the only step in the process to accessing the data. In fact, no login is needed (username/password) at all - just the API Key.
I am new to OAuth and Laravel Passport and have the following questions:
Is Laravel Passport the right way to go for the above scenario, or should I implement a different approach (i.e. take advantage of Laravel multi-auth support or a JWT approach)?
A token seems to be dependent on a user. In my scenario it does not fit the workflow/logic. A token must be connected to an app/client only. Is there a way to support this?
It seems there is something called personal access clients, which may skip the login process. Will that be a good way to go? If so, what will be the quickest workflow to allow 3rd party access using the API key (do they need to call an initial `/authorize` route or simply attach the token to the calls)?
Your insights are much appreciated!