What are these concepts?
- Passport is the official Laravel package that implements OAuth2 and JWT.
- Auth0 is an authentication and authorization service. It is a kind of all-in-one authentication solution for APIs. It implements JWT by default and can implement OAuth2, as well as many other protocols.
- OAuth2 is an authorization framework or protocol that allows applications (the ones you intend to create) to provide limited access to user accounts such as Facebook, GitHub, etc. Imagine that your application has become large enough to offer a "login with APPLICATION NAME HERE" or to provide limited access to your users' accounts to other third-party applications. With OAuth2, you can achieve this among many other things.
- JWT is a token format. In other words, it defines how the data that makes up the token is organized. Another token format would be SWT.
In other words:
- Passport implements → OAuth2 and JWT.
- Auth0 can implement → OAuth2 or many other protocols such as LDAP, OpenID, etc.
- OAuth2 can implement → JWT or other token formats like SWT...
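The point that JWT is only a token format, shown as an added example (not from the original article, and not how Passport or jwt-auth work internally): a minimal HS256 token built and verified by hand. The function names, key and claims are constructed for illustration.

```php
<?php
// Added example: a JWT is three base64url segments, header.payload.signature.
// Key and claims are constructed sample values.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    // Restore the padding that base64url strips, then decode strictly.
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

function jwt_sign(array $claims, string $key): string {
    $header = ['alg' => 'HS256', 'typ' => 'JWT'];
    $input  = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $key, true));
}

function jwt_verify(string $token, string $key, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;

    // Pin the algorithm on the server side; the token must not choose it.
    $header = json_decode((string) b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;

    // Recompute the MAC over "header.payload" and compare in constant time.
    $given = b64url_decode($s);
    $expected = hash_hmac('sha256', "$h.$p", $key, true);
    if ($given === false || !hash_equals($expected, $given)) return null;

    // Only after the signature checks out are the claims trusted.
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

$key   = 'constructed-demo-key-not-for-production';
$now   = time();
$token = jwt_sign(['sub' => 'user-42', 'exp' => $now + 300], $key);
var_dump(jwt_verify($token, $key, $now));        // fresh token, correct key

// Same header and signature, different payload: the MAC no longer matches.
[$h, , $s] = explode('.', $token);
$altered = $h . '.' . b64url_encode(json_encode(['sub' => 'admin', 'exp' => $now + 300])) . '.' . $s;
var_dump(jwt_verify($altered, $key, $now));
var_dump(jwt_verify($token, $key, $now + 600));  // checked after its exp claim
```

Nothing here issues, scopes or revokes tokens; that is the part OAuth2 (and a package such as Passport) adds on top of the format.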
What should you use?
It would be crazy for a newbie to create their own OAuth2 implementation compatible with Laravel, so rolling your own OAuth2 is out. What remains are three package options: Passport, tymondesigns/jwt-auth and Auth0.
JWT (the tymondesigns/jwt-auth package) is great for creating only email and password authentication. Although, if you use Passport for basic authentication by email and password, you don't have to worry that the "OAuth2 implementation" will affect the performance of your application (which is not that much). The difference arises when all these frightening migration tables and routes are generated by Passport, but with a little practice you will understand them. Auth0 seems to be quick to install, but in some cases it might be overkill if you don't consider the security of working with the Laravel community package.
The real match is between Auth0 and Passport. Auth0 is a Swiss army knife compared to Passport. You will have a really good toolbar that allows you to manage all aspects of your API, from third-party authentication to adding more applications (mobile, web, desktop) that can use this API. Passport can be compared to a thinner knife. It was created specifically for Laravel, and in the long run, you can implement your own beautiful and customizable control panel to manage your API clients.
Conclusion
I think the real choice should be between Passport and Auth0. It depends on whether you want to create an API in Laravel, or whether you will be more immersed in the API world than in Laravel. In my case, I prefer Passport over Auth0 at the end of the JWT. Reasons:
- I like working with official Laravel packages.
- Apart from the routes and tables added to my project, this will not affect it.
- If I started with the most basic authentication API and wanted to scale, it would be much easier.
Still talking about the last point, some may say that the Auth0 community is small. This is basically the case. But it also has amazing customer support staff.
Passport and OAuth2 Tutorials
The Laravel and OAuth2 docs explaining tokens can be a bit complicated. Here is a good explanation of Passport's (hence OAuth2's) various types of tokens and their use cases. Since I could not understand the "routes" part of the lesson, I would not recommend that part of the lesson.
This is a good Passport instructional video that also uses the Postman Chrome app for API calls. For those of you new to this API, applications like Postman will make your job a lot easier than using the curl command on Linux/Mac. You can see the full series or just the Passport part. At the moment, I'm stuck on video 4. Here is my not yet resolved question.
Resources
Many of these resources are distributed above in the article, but I also have some here.