Laravel Passport vs JWT vs Oauth2 vs Auth0

Problem description:

I'm currently learning how to create an API in Laravel and I found myself stuck in these confusing concepts. After a few days of research and practice, I could finally understand these concepts well enough to make a mini-guide. I had to look into a lot of separate webpages, so I will make my best attempt to explain the relationship between them.

What are these concepts?

    • Passport is an official Laravel package that implements Oauth2 and JWT.
    • Auth0 is an authentication and authorization service. It is kind of an "all in one" solution for API auth. It implements JWT by default and can implement Oauth2 as well as many other protocols.
    • OAuth2 is an authorization framework or protocol that enables applications (the ones you're going to build) to give limited access to user accounts such as Facebook, GitHub, etc... Imagine that your app grew big enough to offer a "Sign in with APP NAME HERE" or provide limited access to your users' accounts to other third-party applications. With Oauth2 you can achieve this among many other things.
    • JWT is a token format. In other words, it is how data will be arranged to create a token. Another token format would be SWT.
In other words:

      • Passport implements -> Oauth2 and JWT.
      • Auth0 can implement -> Oauth2 or many other protocols such as LDAP, OPEN ID, etc...
      • Oauth2 can implement -> JWT or other token formats such as SWT...

      Not only would it be crazy for a beginner to create their own Oauth2 implementation compatible with Laravel, but chances are that if you're reading this it is because you don't know exactly how to all the Oauth2 complexity. Oauth2 out. All we have remaining is three package options: Passport, tymondesigns/jwt-auth and Auth0.

      Before continuing, let me note that when I refer to 'JWT' or 'plain JWT' I really mean the tymondesigns/jwt-auth package. The real match comes between Auth0, Passport and plain JWT...

      Auth0 is a Swiss army knife compared to Passport and JWT. This knife is an all-in-one solution. It can do a lot of stuff on its own plus some extras that you might never need without depending on Laravel or other frameworks. To not extend this too long, let me just say that it can do whatever you could possibly imagine as an API beginner. Also, you would have a really good dashboard straight out of the box which will allow you to manage all aspects of your API, from third-party authentication to adding more apps (mobile, web, desktop) that can consume that API.

      Passport could be compared with a more delicate knife. Its creators knew what it would cut and designed it specifically for those tasks. In other words, it was built especially for Laravel to work smoothly and flawlessly without having many bells and whistles getting in the way. Though, don't forget that in the long run you can implement your own code on top of it, like a nice custom dashboard to manage your API clients.

      Finally, back to the knife analogy, I like to compare JWT with a sharpened blade without any fancy extras. It's lightweight, functional, secure and does its job. You get the benefit that you will not have to worry about all extras that the other packages add. Furthermore, you can upgrade this knife however you want due to its flexibility or even switch to another package if you need a heavier upgrade.

      It depends on you: whether you want to cut everything that might be thrown at you and stay more in the API world than in Laravel (Auth0), narrow down to the focus of Laravel and Oauth2 for third-party authentication (Passport), or have a basic secure data transfer out of the box via API (JWT). And yes... You can also link your app to your mobile app with all three of them.

      Personally I prefer Passport because:

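      • I love working with official Laravel packages.
      • Apart from the many extra routes and tables added to my project, its performance isn't affected.
      • If I start with the most basic API authentication and want to scale up, it will be much easier.
      • The comfort of using a Laravel package.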

      Still talking about the last point, some may say that the Auth0 community is small. It basically is, but it also has awesome client support personnel.

      The Laravel and Oauth2 docs' explanation of tokens might be a little difficult. Here is a Good Explanation of Passport's (therefore Oauth2's) Different Types of Tokens and Their Use Cases. Since I couldn't figure out the "routes" part of the tutorial, I wouldn't recommend the tutorial part.

      This is a Good Passport Video Tutorial which also uses the PostMan Chrome app for API calls. For those of you who are new to this API stuff, apps like PostMan will make your work a lot easier than using a "curl" Linux/Mac command. You could watch the complete series or just the Passport part. At the moment I'm stuck on video 4. Here's my Stack Overflow question.

      Resources

      Many of the resources are spread throughout the article above, but I also have some here.