I'm making a public API to allow third party websites to interact with my app, I was wondering what the best way to manage authentication would be. I'm currently looking into using Laravel Passport but I'm slightly confused by how the workflow should work.
Should I create clients for my users to then request their own tokens with or should I just have one client that I use to request tokens with and give the tokens out to the users.
I would quite like to use Laravel Passport as that integrates OAuth2 which is a very well known standard for authentication, but from reading the Passport documentation, it does not seem written with the intent of creating a public API as all the client creation 'methods' are through running artisan commands, not through controller methods.
UPDATE
What I am currently looking in to is letting users create an OAuth client by writing a controller that uses the same sort of code included in the php artisan passport:client command but is in a controller so it can be done from a frontend webpage. This would then give the user a client ID and secret which they could then use to follow the standard OAuth flow by requesting an access token with it. I'm not sure how correct this is or if this is a bit too indepth for a quite basic API but this is what I am thinking
You can try using this library. https://jwt-auth.readthedocs.io/en/develop/
It should work for your purposes.