-
Notifications
You must be signed in to change notification settings - Fork 783
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[13.x] Deprecate JSON API #1778
[13.x] Deprecate JSON API #1778
Conversation
Thanks for submitting a PR! Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface. Pull requests that are abandoned in draft may be closed due to inactivity. |
Hi @driesvints would you please merge 12.x into 13.x? thanks. |
Can we really fully remove this API? If there are bugs we could just fix them? Not every Laravel application will be using Jetstream... how will those people use Passport? |
@hafezdivandari done |
@taylorotwell This API falls outside the core purpose of Passport as an OAuth2 server implementation, which is why we can confidently remove it. Passport doesn't rely on this API for its primary functions, making it unnecessary. Similarly, Sanctum doesn't offer a JSON API for managing PATs - we use Sanctum for issuing tokens and Jetstream for managing them.
Not every app needs third-party client registration. We're deprecating this feature in favor of a more modern, opt-in alternative —the Jetstream OAuth feature— where this functionality naturally fits. Moreover, we're already asking developers to create their own UI to use this API. Building the backend for this is a straightforward CRUD operation, which is simpler for developers to implement on their side (even by copy / pasting deprecated controllers) than feature bloating Passport. |
We are redoing our starter kits so we shouldn't recommend Jetstream / Breeze for this UI. |
@taylorotwell This PR is still applicable, as we are not recommending any UI on this PR, just deprecating the JSON API as we don't have any UI for it and it's falls outside the core purpose of Passport as I explained earlier. but about redoing the starter kits, sorry I'm confused. You mean is there going to be a new starter kit to integrate Passport into? or the following 2 PRs on Jetstream / Breeze is going to be a waste of time even after this confirmation? cc @driesvints |
@hafezdivandari I think we would just want to repurpose that work towards our new starter kit work we take on this fall. 👍 |
@taylorotwell the bugs I mentioned earlier are now fixed and the upgrade guide is updated. |
This PR fixes a few bugs in the current implementation of JSON API and deprecates it because:
web
routes, 4 controllers, mostly not reusable, not customizable and too opinionated; Makes Passport feature bloated without adding much value.Deprecations
\Laravel\Passport\Http\Controllers\AuthorizedAccessTokenController
controller class.\Laravel\Passport\Http\Controllers\ClientController
controller class.\Laravel\Passport\Http\Controllers\PersonalAccessTokenController
controller class.\Laravel\Passport\Http\Controllers\ScopeController
controller class\Laravel\Passport\Http\Rules\RedirectRule
rule class.\Laravel\Passport\Http\Rules\UriRule
rule class.\Laravel\Passport\TokenRepository
repository class and itsfindForUser
andforUser
methods.\Laravel\Passport\ClientRepository::findForUser
,forUser
,update
, anddelete
repository methods.Removal
\Laravel\Passport\RefreshTokenRepository
repository class has been removed as it was a duplicate of\Laravel\Passport\Bridge\RefreshTokenRepository
class.\Laravel\Passport\TokenRepository::isAccessTokenRevoked
andrevokeAccessToken
,create
,find
,getValidToken
,save
, andfindValidToken
repository methods have been removed as they were duplicated on\Laravel\Passport\Bridge\AccessTokenRepository
class or weren't used.\Laravel\Passport\ClientRepository::activeForUser
andrevoked
methods have been removed as they weren't used.Changes
Passport::$registersJsonApiRoutes = false
.Upgrade Guide
You may call
Passport::$registersJsonApiRoutes = true
if you want to continue using deprecated JSON API.