Laravel Passport vs JWT vs Oauth2 vs Auth0

Question

I'm currently learning how to create an API in Laravel and I found myself in these confusing concepts. After a few days of research and practice, I could finally understand these concepts well enough to make a mini-guide. I had to look into a lot of separate webpages so I will make my best attempt to explain the relationship between them.

Recommended answer

What are these concepts?

  • Passport is an official Laravel package that implements Oauth2 and JWT.
  • Auth0 is an authentication and authorization service. It is kinda "all in one" solution for API auth. It implements JWT by default and can implement Oauth2 as well as many other protocols.
  • OAuth2 is an authorization framework or protocol that enables applications (the ones you're going to build) to give limited access to user accounts such as Facebook, GitHub, etc... Imagine that your app grew big enough to offer a "Sign in with APP NAME HERE" or provide limited access to your users' accounts to other third-party applications. With Oauth2 you can achieve this among many other things.
  • JWT is a token format. In other words, it is how data will be arranged to create a token. Another token format would be SWT.
In other words:

  • Passport implements -> Oauth2 and JWT.
  • Auth0 can implement -> Oauth2 or many other protocols such as LDAP, OPEN ID, etc...
  • Oauth2 can implement -> JWT or other token formats such as SWT...

Not only would it be crazy for a beginner to create their own Oauth2 implementation compatible with Laravel, but chances are that if you're reading this, it is because you don't know exactly how to all the Oauth2 complexity. Oauth2 out. All we have remaining is three package options: Passport, tymondesigns/jwt-auth and Auth0.

Before continuing, let me note that when I refer to 'JWT' or 'plain JWT' I really mean the tymondesigns/jwt-auth package. The real match comes between Auth0, Passport and plain JWT...

Auth0 is a Swiss army knife compared to Passport and JWT. This knife is an all in one solution. It can do a lot of stuff on its own plus some extras that you might never need without depending on Laravel or other frameworks. To not extend this too long, let me just say that it can do whatever you could possibly imagine as an API beginner. Also, you would have a really good dashboard straight out of the box which will allow you to manage all aspects of your API, from third-party authentication to adding more apps (mobile, web, desktop) that can consume that API.

Passport could be compared with a more delicate knife. Its creators knew what it will cut and designed it specifically for those tasks. In other words, it was built especially for Laravel to work smoothly and flawlessly without having many bells and whistles bothering around. Though, don't forget that in the long run you can implement your own code on top of it, like a nice and custom dashboard to manage your API clients.

Finally, back to the knife analogy, I like to compare JWT with a sharpened blade without any fancy extras. It's lightweight, functional, secure and does its job. You get the benefit that you will not have to worry about all the extras that the other packages add. Furthermore, you can upgrade this knife however you want due to its flexibility or even switch to another package if you need a heavier upgrade.

It depends on you: whether you want to cut everything that might be thrown at you and stay more in the API world than in Laravel (Auth0), narrow down to the focus of Laravel and Oauth2 for third party authentications (Passport), or have a basic secure data transfer out of the box via API (JWT). And yes... You can also link your app to your mobile app with the three of them.

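Personally I prefer Passport because:

  • I like to work with official Laravel packages.
  • Apart from the many extra routes and tables added to my project, its performance is not affected.
  • If I start with the most basic API authentication and want to scale up, it would be much easier.
  • The comfort of working with a Laravel package.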

Still talking about the last point, some may say that the Auth0 community is small. It basically is, but it also has awesome client support personnel.

Laravel and Oauth2 Docs explanation of tokens might be a little difficult. Here is a Good Explanation of Passport's (therefore Oauth2) Different Types of Tokens and Their Use Cases. Since I couldn't figure out the "routes" part of the tutorial I wouldn't recommend the tutorial part.

This is a Good Passport Video Tutorial which also uses the PostMan Chrome app for API calls. For those of you who are new to this API stuff, apps like PostMan will make your work a lot easier than using a "curl" Linux/Mac command. You could watch the complete series or just the Passport part. At the moment I'm stuck on video 4. Here's my Stack Overflow question.

Resources

Many of the resources are all spread above in the article but I also have some here.

  • Stack Overflow JWT vs Oauth
  • Auth0 explanation of Oauth2
  • An Introduction to OAuth2
  • OAuth2 Simplified
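
The answer describes JWT as a token format, that is, how data is arranged to create a token. The sketch below is an added example (not part of the original answer, and not the code of Passport, tymondesigns/jwt-auth or Auth0) that arranges claims into an HS256 JWT in plain PHP and verifies it, rejecting a changed payload, an unexpected algorithm and an expired token. The key, the claims and the function names are constructed for illustration.

```php
<?php
// Added example: key, claims and function names are constructed for illustration.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// A JWT is three base64url parts: header.payload.signature
function jwt_encode(array $claims, string $key): string {
    $header = ['alg' => 'HS256', 'typ' => 'JWT'];
    $input  = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $key, true));
}

// Returns the claims, or null when the token must be rejected.
function jwt_decode(string $token, string $key, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    // Recompute the MAC over header.payload and compare in constant time.
    $expected = hash_hmac('sha256', $h . '.' . $p, $key, true);
    if (!hash_equals($expected, b64url_decode($s))) return null;
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    return $claims['exp'] > $now ? $claims : null; // expired tokens are rejected
}

$key   = 'constructed-demo-key-not-for-production';
$now   = 1700000000; // fixed clock so every run behaves the same
$token = jwt_encode(['sub' => '42', 'scope' => 'read', 'exp' => $now + 3600], $key);
echo $token, PHP_EOL;

// Case 1: untouched token, checked inside its lifetime.
var_dump(jwt_decode($token, $key, $now) !== null);
// Case 2: payload replaced while the old signature is reused.
[$h, , $s] = explode('.', $token);
$changed = b64url_encode(json_encode(['sub' => '42', 'scope' => 'admin', 'exp' => $now + 3600]));
var_dump(jwt_decode("$h.$changed.$s", $key, $now) !== null);
// Case 3: same token, checked after its exp claim.
var_dump(jwt_decode($token, $key, $now + 7200) !== null);
```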
