What are the main difference between Personal access client and Password client in laravel passport?

Question

I am new to oAuth2 and laravel-passport, i don't fully understand the difference between getting access token using personal access client and password client. Your explanation would be highly appreciated. Thank you

Answer 1

First, Having a basic understanding of OAuth can wipe a little bit confusion. So, I'll suggest you to become familiar with general terminology. Some articles:

• http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/
• https://alexbilbie.com/guide-to-oauth-2-grants/

Now lets get back to your question!

• Personal Access Clients who has personal access tokens are authorized to access your Resource Server. Personal access tokens are good for giving third party applications access to your API without requiring your user to input their credentials in a potentially untrusted client.

• On the other hand, Password Grant Clients are your clients and you'd use password grant for them, where it is safe for the users to provide their credentials manually. password grant tokens generate while users provide valid credentials. Its generally used for first party clients and should not be used by third party clients.