Confusion about API auth types in Laravel?

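I'm currently learning how to create APIs in Laravel, and I found myself stuck on this confusing concept. After several days of research and practice, I finally understand the concept well enough to make a mini guide. I had to look at many separate web pages, so I will do my best to explain the relationship between them.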

Recommended answer

What are these concepts?

  • Passport is the official Laravel package that implements Oauth2 and JWT.
  • Auth0 is an authentication and authorization service. It is kinda "all in one" solution for API auth. It implements JWT by default and can implement Oauth2 as well as many other protocols.
  • OAuth2 is an authorization framework or protocol that enables applications (the ones you're going to build) to
  • JWT is a token format. In other words, it is how data will be arranged to create a token. Another token format would be SWT.

In other words:

  • Passport implements -> Oauth2 and JWT.
  • Auth0 can implement -> Oauth2 or many other protocols like LDAP, OPEN ID, etc...
  • Oauth2 can implement -> JWT or other token formats like SWT...

What should you use?

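Not only is it compatible with Laravel, but if you are reading this, it is most likely because you don't know exactly how to handle all of Oauth2's complexities. Oauth2 out.. We are left with just three package options: Passport, tymondesigns/jwt-auth and Auth0.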

Before continuing, let me note that when I refer to 'JWT' or 'plain JWT' I really mean the tymondesigns/jwt-auth package. The real match comes between Auth0, Passport and plain JWT...

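Compared with Passport and JWT, Auth0 is a Swiss Army knife. This knife is an all-in-one solution. It can do a lot of things by itself, plus some extras that you may never need, without depending on Laravel or other frameworks. To avoid making this too long, I'll just say that it can do anything you might imagine as an API beginner. In addition, you get a very nice dashboard that lets you manage every aspect of your API, from third-party authentication to adding more apps (mobile, web, desktop) that can use that API.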

Passport could be compared with a more delicate knife. Its creators knew what it will cut and designed it specifically for those tasks. In other words, it was built especially for Laravel to work smoothly and flawlessly without having many bells and whistles bothering around. Though, don't forget that in the long run you can implement your own code on top of it. Like a nice and custom dashboard to manage your API clients.

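Finally, going back to the knife analogy, I like to compare JWT to a sharp blade without any fancy extra attachments. It is lightweight, fully functional, secure, and does its job well. The benefit you get is that you won't have to worry about all the extras that other packages add. Also, because of its flexibility, you can upgrade this knife however you like, or even switch to another package if you need a heavier upgrade.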

Conclusion

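It depends on you: whether you want to cut whatever may be thrown at you and stay more in the API world than in Laravel (Auth0), focus on Laravel and Oauth2 for third-party authentication (Passport), or have basic secure data transmission via an API (JWT). And yes... you can also link your application to your mobile app with all three of them.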

Personally I prefer Passport because:

  • I like working with official Laravel packages.
  • Besides the many extra routes and tables added to my project, its performance will not be affected.
  • If I start with the most basic API auth and want to scale up, it will be much easier.
  • The coziness of working with a Laravel Package.

Still talking about the last point, some may say that Auth0 community is small. It basically is, but also it has awesome client support personnel.


Tutorials on Passport and Oauth2

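The Laravel and Oauth2 documentation's explanation of tokens can be a bit difficult. Here is a Good Explanation of Passport's (therefore Oauth2) Different Types of Tokens and Their Use Cases. Since I couldn't make sense of the "routes" part of the tutorial, I don't recommend the tutorial section.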

This is a Good Passport Video Tutorial which also uses the PostMan Chrome app for API calls. For those of you who are new to this API stuff, apps like PostMan will make your work a lot easier than using a "curl" Linux/Mac command. You could watch the complete series or just the Passport part. At the moment I'm stuck on video 4. Here's my Stack Overflow question.

Resources

Many of this post's resources are spread throughout the text above, but I also have some here.
