Passport: Using Passport without using JWT Tokens?

Created on 24 Oct 2017 · 3Comments · Source: laravel/passport

From my understanding, Passport issues JWT tokens to the user - I keep seeing OAuth 2 examples with access tokens that are around 40 - 60 characters in length. Currently, my bearer tokens are around 1070 characters long, which is way more than I'd like. When creating my private & public key for passport I tried changing to the bit of the key to 1024 which reduced it to around 550 but from my understanding if I want a very short token I need to use a solution other than JWT. So my question is, is Passport explicitly tied to JWT tokens and with the Laravel Passport implementation is it in any-way possible to reduce the token size?

Thanks

Source

Patskimoto

👍4

All 3 comments

Can anyone shed _any_ light on this?

Patskimoto on 9 Nov 2017

+1 for this - I don't need the access token returned by Passport to be a JWT, just a standard access token/refresh token I can store with the client.

At the moment the access token which comes back is huge and therefore won't fit in a cookie.

It would be amazing if there was some way to configure passport to generate plain access tokens, the only reason I can think of why they are JWTs by default is so an app can consume itself using the Vue scaffolding as seen in this video: https://laracasts.com/series/whats-new-in-laravel-5-3/episodes/13

mikefrancis on 23 Nov 2017

👍1

Laravel Passport uses the PHP League's OAuth 2.0 Server package underneath. When generating HTTP Responses when issuing access tokens, this packages automatically embeds the token in a JWT. Because of the way JWT is so connected and implemented in Passport I believe it would be very hard or even impossible to adapt it in a way that it could be used with plain access tokens.

So basically this is not something Passport will be supporting anytime soon, sorry.