bro what is the best way to auth the api endpoints client id and secret in header or the token that gets expired everyday and then use the new one give me answer with example most of the people told me it depends but what exactly depends
First you need to understand there are two types of token. Access token and refresh token. Access token expire after an hour and than you can regenerate your access token using refresh token
@@hadayatniazi yes i am referring to access token from sanctum now tell me if i do auth using sanctum token and somebody claims that this approach should be replaced with client id and secret so what should my response to that
Sanctum is simple and light weight package which provide us authentication. You can say that sanctum is used for straightforward authentication, but if you need more advance security then go with client secret, key approach, it's complex but provide higher security.
Much needed tutorial 👌👌
Thank you very much Asfia.
Thank you sir g
You are welcome Naveed
bro what is the best way to auth the api endpoints
client id and secret in header or the token that gets expired everyday and then use the new one
give me answer with example most of the people told me it depends but what exactly depends
First you need to understand there are two types of token. Access token and refresh token. Access token expire after an hour and than you can regenerate your access token using refresh token
@@hadayatniazi yes i am referring to access token from sanctum
now tell me if i do auth using sanctum token and somebody claims that this approach should be replaced with client id and secret so what should my response to that
Sanctum is simple and light weight package which provide us authentication. You can say that sanctum is used for straightforward authentication, but if you need more advance security then go with client secret, key approach, it's complex but provide higher security.