[13.x] Deprecate JSON API #1778
Conversation
|
Thanks for submitting a PR! Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface. Pull requests that are abandoned in draft may be closed due to inactivity. |
|
Hi @driesvints would you please merge 12.x into 13.x? thanks. |
|
Can we really fully remove this API? If there are bugs we could just fix them? Not every Laravel application will be using Jetstream... how will those people use Passport? |
|
@hafezdivandari done |
@taylorotwell This API falls outside the core purpose of Passport as an OAuth2 server implementation, which is why we can confidently remove it. Passport doesn't rely on this API for its primary functions, making it unnecessary. Similarly, Sanctum doesn't offer a JSON API for managing PATs - we use Sanctum for issuing tokens and Jetstream for managing them.
Not every app needs third-party client registration. We're deprecating this feature in favor of a more modern, opt-in alternative —the Jetstream OAuth feature— where this functionality naturally fits. Moreover, we're already asking developers to create their own UI to use this API. Building the backend for this is a straightforward CRUD operation, which is simpler for developers to implement on their side (even by copy / pasting deprecated controllers) than feature bloating Passport. |
|
We are redoing our starter kits so we shouldn't recommend Jetstream / Breeze for this UI. |
|
@taylorotwell This PR is still applicable, as we are not recommending any UI on this PR, just deprecating the JSON API as we don't have any UI for it and it's falls outside the core purpose of Passport as I explained earlier. but about redoing the starter kits, sorry I'm confused. You mean is there going to be a new starter kit to integrate Passport into? or the following 2 PRs on Jetstream / Breeze is going to be a waste of time even after this confirmation? cc @driesvints |
|
@hafezdivandari I think we would just want to repurpose that work towards our new starter kit work we take on this fall. 👍 |
|
@taylorotwell the bugs I mentioned earlier are now fixed and the upgrade guide is updated. |
This PR fixes a few bugs in the current implementation of JSON API and deprecates it because:
webroutes, 4 controllers, mostly not reusable, not customizable and too opinionated; Makes Passport feature bloated without adding much value.Deprecations
\Laravel\Passport\Http\Controllers\AuthorizedAccessTokenControllercontroller class.\Laravel\Passport\Http\Controllers\ClientControllercontroller class.\Laravel\Passport\Http\Controllers\PersonalAccessTokenControllercontroller class.\Laravel\Passport\Http\Controllers\ScopeControllercontroller class\Laravel\Passport\Http\Rules\RedirectRulerule class.\Laravel\Passport\Http\Rules\UriRulerule class.\Laravel\Passport\TokenRepositoryrepository class and itsfindForUserandforUsermethods.\Laravel\Passport\ClientRepository::findForUser,forUser,update, anddeleterepository methods.Removal
\Laravel\Passport\RefreshTokenRepositoryrepository class has been removed as it was a duplicate of\Laravel\Passport\Bridge\RefreshTokenRepositoryclass.\Laravel\Passport\TokenRepository::isAccessTokenRevokedandrevokeAccessToken,create,find,getValidToken,save, andfindValidTokenrepository methods have been removed as they were duplicated on\Laravel\Passport\Bridge\AccessTokenRepositoryclass or weren't used.\Laravel\Passport\ClientRepository::activeForUserandrevokedmethods have been removed as they weren't used.Changes
Passport::$registersJsonApiRoutes = false.Upgrade Guide
You may call
Passport::$registersJsonApiRoutes = trueif you want to continue using deprecated JSON API.