If you are consuming your own api then you don’t need to call http://example.com/oauth/token for user login because then you need to store client_id and client_secret at app side. Better you create an api for login and there you can check the credentials and generate the personal token. public function login(Request $request) { $credentials = … Read more
Or are scopes not the same as roles? The biggest difference between the two is the context they apply to. Role-based Access Control (RBAC) governs the access control of a user when using the web application directly, while Oauth-2 scope governs the access to the API resources for an external client on behalf of a … Read more
I’ll try to answer this in a generic way so that the answer is applicable across frameworks, implementations and languages because the answers to all the questions can be derived from the general protocol or algorithm specifications. Which OAuth 2.0 grant type should I use? This is the first thing to be decided. When it … Read more