Laravel Passport Security

  laravel, laravel-passport, nuxt.js, oauth, security

I am wondering if there is anything else I can do to improve the security with Laravel Passport.

So when my SPA app makes a call to the backend it gets the token back(so it’s visible in user’s browser in the network tab) and logs the user in on the front end. So far I can see only three things I can do to secure the token:

  1. use https (duh!)
  2. send token over the POST and not GET
  3. give token reasonable lifetime like, let’s say, 8 hours

Is there anything else I can do to protect it?

Source: Laravel

Leave a Reply