Laravel authentication via Passport using "Authorization Code Grant with PKCE" for stateless application


I am developing a stateless API service with authentication by JWT tokens. The service must have an access token and a refresh token, and for the implementation I used the official Laravel Passport package.

The Laravel Passport package documentation (Laravel Passport documentation) states that Password Grant Tokens are deprecated: proof

If you go to the OAuth 2.0 Server documentation, it says that the Password Grant really is deprecated and that it is recommended to use the Authorization code grant instead: proof 1 proof 2

In the documentation for the Authorization code grant Authorization code grant documentation

The documentation for the channel shows two parts of the implementation:

  1. In the first part of the implementation, I have to send a request to get the code and state.

  2. In the second part of the implementation, using the code (which came in the first part), we get tokens.

The first problem is that, according to the documentation, the first part should redirect, but since I have a stateless service, I can't use redirects.

The second problem is that the package uses a web provider (StatefulGuard) for this, but since the application is stateless, it only has an api provider (TokenGuard).

proof
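The two parts of the flow described in the question, seen from the client side, as an added example that is not part of the original post or of the Passport code base. It assumes the `/oauth/authorize` and `/oauth/token` endpoints and parameter names from the Passport documentation; the host, client ID and redirect URI are placeholders.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// Placeholders (assumptions), not values from the original post.
const AUTH_SERVER = "https://auth.example.test";
const CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
const REDIRECT_URI = "https://app.example.test/callback";

const b64url = (buf) => buf.toString("base64url");

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function codeChallenge(verifier) {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Part 1: create the per-login secrets and the authorization URL.
// state and verifier stay on the client; only the challenge is sent.
function beginLogin() {
  const state = b64url(randomBytes(32));
  const verifier = b64url(randomBytes(64)); // 86 chars, allowed range 43..128
  const url = new URL("/oauth/authorize", AUTH_SERVER);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    response_type: "code",
    scope: "",
    state,
    code_challenge: codeChallenge(verifier),
    code_challenge_method: "S256",
  }).toString();
  return { state, verifier, url: url.toString() };
}

// Part 2: check the callback, then build the body for POST /oauth/token.
function tokenRequest(session, callbackUrl) {
  const q = new URL(callbackUrl).searchParams;
  const got = Buffer.from(q.get("state") || "");
  const want = Buffer.from(session.state);
  // A state that differs from the stored one means the callback is not ours.
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error("state mismatch: discard this callback");
  }
  const code = q.get("code");
  if (!code) throw new Error("callback carries no authorization code");
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    code_verifier: session.verifier, // server recomputes and compares the challenge
    code,
  });
}
```

No client secret appears in either request: the token endpoint accepts the code only together with the verifier whose hash was sent in part 1.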
